Abstract

Linear arithmetic extended with free predicate symbols is undecidable, in general. We
show that the restriction of linear arithmetic inequations to simple bounds extended with the
Bernays-Schönfinkel-Ramsey free first-order fragment is decidable and NEXPTIME-complete.
The result is almost tight because the Bernays-Schönfinkel-Ramsey fragment is undecidable
in combination with linear difference inequations, simple additive inequations, quotient
inequations and multiplicative inequations.


1 Introduction 

Satisfiability of the Bernays-Schönfinkel-Ramsey (BSR) fragment of first-order logic is decidable
and NEXPTIME-complete [Lew80]. The complexity remains if the fragment is restricted to a
clause normal form. Only further restrictions on the number of literals per clause enable better
complexity results [Pla84]. Its extension with linear arithmetic is undecidable. For example,
Halpern [Hal91] showed that the combination of Presburger Arithmetic with one unary predicate
yields undecidability. His proof relies on $\forall\exists$ quantifier alternations on the arithmetic part. The
naturals can be defined on the basis of linear real arithmetic with the help of one (extra) unary
predicate. Fietzke and Weidenbach [FW12] showed undecidability for the combination of linear
real arithmetic with several binary or one ternary predicate. The proof is based on a reduction of
the two-counter machine model [Min67] to this fragment where a purely universal quantifier prefix
suffices. Two-counter machine instructions are translated into clauses of the form

(i) $x' = x + 1 \;\|\; P(i, x, y) \rightarrow P(i + 1, x', y)$

(ii) $x = 0 \;\|\; P(i, x, y) \rightarrow P(j, x', y)$

     $x > 0,\ x' = x - 1 \;\|\; P(i, x, y) \rightarrow P(i + 1, x', y)$

where $P(i, x, y)$ models the program at instruction $i$ with counter values $x$, $y$. Then, clause
(i) models the increment of counter $x$ (analogous for $y$) and a go to the next instruction; clauses
(ii) model the conditional decrement of $x$ (analogous for $y$) and, otherwise, a jump to instruction
$j$. The start state is represented by a clause $\| \rightarrow P(1, n, m)$ for two positive integer values $n$, $m$,
and the halt instruction is represented by an atom $P(\mathit{halt}, x, y)$ and reachability of the halting
state by a clause $\| P(\mathit{halt}, x, y) \rightarrow \Box$. Then, a two-counter machine program halts if and only if
the BSR clause set of linear arithmetic with one ternary predicate constructed out of the program
is unsatisfiable. Note that for this reduction it does not matter whether integer or real arithmetic
is the underlying arithmetic semantics. The first argument of $P$ is always a natural.

This work has been partly funded by the German Transregional Collaborative Research Center SFB/TR 14
AVACS.
Our first contribution is refinements of the two-counter machine reduction where the arithmetic
constraints are further restricted to linear difference inequations $x - y \triangleleft c$, simple additive
inequations $x + y \triangleleft c$, quotient inequations $x \triangleleft c \cdot y$ and multiplicative inequations $x \cdot y \triangleleft c$ where $c \in \mathbb{R}$
and $\triangleleft \in \{<, \leq, =, \neq, \geq, >\}$. Under all these restrictions, the combination remains undecidable,
respectively (see Section [7]).

On the positive side, we prove decidability of the restriction to arithmetic constraints consisting
of simple bounds of the form $x \triangleleft c$, where $\triangleleft$ and $c$ are as above. Underlying the result is the
observation that similar to the finite model property of BSR, only finitely many test points are
sufficient for the arithmetic simple bounds constraints. Our construction is motivated by results
from quantifier elimination [LW93] and hierarchic superposition [BGW94, KW12, FW12]. For
example, consider the two clauses

$x_2 \neq 5 \;\|\; R(x_1) \rightarrow Q(u_1, x_2)$

$y_1 < 7,\ y_2 < 2 \;\|\; \rightarrow Q(c, y_2), R(y_1)$


where $u_1$ is a free first-order variable, $x_i$, $y_i$ are variables over the reals, and $c$ is a free first-order
constant. Our main result reveals that this clause set is satisfiable if and only if for every variable
at the first argument of $Q$ the constant $c$ is substituted (Corollary ITCJl), for the second argument of
$Q$ the abstract real values $5 + \varepsilon$ and $-\infty$ and for $R$ the value $-\infty$ (Definitions [6], [8], Lemma fTSl). The
instantiation does not need to consider the simple bounds $y_1 < 7$, $y_2 < 2$, because it is sufficient
to explore the reals either from $-\infty$ upwards or from $+\infty$ downwards, as is similarly done in
linear quantifier elimination [LW93]. Also instantiation does not need to consider the value $5 + \varepsilon$
for $R$, motivated by the fact that hierarchic superposition will not derive the respective simple
bound for the first argument of $R$ in any generated clause [BGW94]. This idea can be extended
to free argument positions of predicates and the respective free constants. Every BSR clause set
combined with simple bounds is always sufficiently complete because it does not contain a free
non-constant function symbol.

All abstract values are represented by Skolem constants over the reals, together with defining
axioms. For the example, we introduce the fresh Skolem constants $\alpha_{-\infty}$ to represent $-\infty$ and
$\alpha_{5+\varepsilon}$ to represent $5 + \varepsilon$ together with axioms expressing $\alpha_{-\infty} < 2 < 5 < \alpha_{5+\varepsilon}$. Eventually, we
obtain the ground clause set



a-oo > 2 || 



5 > a 5+E || 



a 5+e 7^ 5 II 

R(a 


a-oo ^ 5 II 

R(a 

oo 

< 7 ,05+5 < 2 


CX—oo 

< 7 , a_oo < 2 | 


OC' ^ 

KJL — oo 

= 1, af +e = 6 

R A 


-»■ □ 
-»■ □ 


t R((X — oo) 

— t Q( c > a -oo)i R(a — oo) 


the result that every BSR clause set with simple bounds has a satisfiability-preserving ground 
instantiation with respect to finitely many constants, we prove NEXPTIME-completeness of the 
fragment in Section [5]. For this result, the fine grained instantiation introduced in Section [3] and
explained above by example is not needed. However, our further goal is to develop useful reasoning 
procedures for the fragment for which a smaller set of instances improves efficiency a lot. For the 
same reason, we do not restrict our attention to the BS fragment, but consider equality as a first 
class citizen of the logic from the very beginning. 

Once a BSR clause set with simple bounds is grounded, there are a variety of efficient decision 
procedures known, such as SMT solvers employing the Nelson-Oppen [NO79] principle. However,
for a large number of Skolem constants or large clause sets, an a-priori grounding may, due to its 
exponential increase in size, not be affordable. We are not aware of any calculus that is actually a 
decision procedure for the BSR fragment with simple bounds, although some work in this direction 
has been done already [BFT08I IRumf)8l IBLdMlfl IKW12] . 

The decidability result on simple bounds can be lifted to constraints of the form $x \triangleleft s$ where
$x$ is the only variable and $s$ a ground expression. The lifting is done by the introduction of
further Skolem constants for complicated ground terms, following ideas of [KW12] and presented
in Section [6]. The paper ends with a conclusion, Section [5].


2 Basic Definitions 

Hierarchic combinations of first-order logic with background theories [BGW94] build upon sorted
logic with equality. A (sorted) signature $\Sigma$ consists of a set $S$ of sorts, a set $\Omega$ of function
symbols together with sort information and a set $\Pi$ of predicate symbols also equipped with sort
information. For the sake of simplicity, we restrict ourselves to two sorts: the base sort $\mathcal{R}$ -
interpreted as the set $\mathbb{R}$ of reals by all the interpretations we shall consider - and the free sort $\mathcal{S}$
interpreted by some freely selectable nonempty domain. Throughout the paper we use convenient
notation such as $P : \xi_1 \times \ldots \times \xi_m \in \Pi$ to address an $m$-ary predicate symbol with full sort
information; $P/m \in \Pi$ if there is some predicate symbol $P$ of arity $m$ in $\Pi$; $P \in \Pi$ if there is
some $m$ such that $P/m \in \Pi$. To avoid confusion, we assume that $\Pi$ contains at most one pair
$P : \xi_1 \times \ldots \times \xi_m$ for every $P$, and do not allow for multiple occurrences of $P$ with different arity
or sorting. Similar conventions shall hold for function symbols. In addition, we occasionally use
the notation $\Omega \cap C$ (where $C$ is an arbitrary set of constant symbols without annotated sorting
information) to denote the set $\{c \mid c : \xi \in \Omega \text{ for some sort } \xi \text{ and } c \in C\}$.

We instantiate the framework of hierarchic specification from [BGW94] by the hierarchic
combination of the BSR fragment of first-order logic with a base theory allowing for the formulation of
simple constraints on real-valued constant symbols and variables. Formally, the used specification
of the base theory comprises the base signature $\Sigma_{LA} := (\{\mathcal{R}\}, \Omega_{LA} \cup \Omega^{\alpha}_{LA}, \Pi_{LA})$, where

$\Omega_{LA} := \{r : \mathcal{R} \mid r \in \mathbb{R}\} \cup \{c_1 : \mathcal{R}, \ldots, c_\kappa : \mathcal{R}\}$,

$\Omega^{\alpha}_{LA} := \{\alpha_{-\infty} : \mathcal{R}\} \cup \{\alpha_{c+\varepsilon} : \mathcal{R} \mid c \in \Omega_{LA}\}$,

$\Pi_{LA} := \{< : \mathcal{R}^2,\ \leq : \mathcal{R}^2,\ = : \mathcal{R}^2,\ \neq : \mathcal{R}^2,\ \geq : \mathcal{R}^2,\ > : \mathcal{R}^2\}$,

together with the class $\mathfrak{M}$ of models containing one base model $\mathcal{M}$ for every possible allocation
of the Skolem constants $c_1, \ldots, c_\kappa$ in $\Omega_{LA}$ and the ones in $\Omega^{\alpha}_{LA}$ to real numbers. Moreover, each
of the base models $\mathcal{M} \in \mathfrak{M}$ shall extend the standard model $\mathcal{M}_{LA}$ of linear arithmetic over the
reals, i.e. $\mathcal{R}^{\mathcal{M}} = \mathbb{R}$ and $c^{\mathcal{M}} = c$ for every constant symbol $c \in \Omega_{LA} \cap \mathbb{R}$ and $\triangleleft^{\mathcal{M}} = \triangleleft$ for every
$\triangleleft \in \{<, \leq, =, \neq, \geq, >\}$; in other words, all real numbers serving as constant symbols represent
their canonical value under each $\mathcal{M} \in \mathfrak{M}$ and every such $\mathcal{M}$ interprets all predicate symbols
$<, \leq, =, \neq, \geq, >$ by their standard meaning on the reals.

The definition of the base theory leaves the exact number $\kappa$ of additional Skolem constants
open; it may be 0. While adding all reals as constant symbols to the signature serves the aim
of defining $\mathfrak{M}$ to contain term-generated models only, the Skolem constants $c_1, \ldots, c_\kappa$ serve at
least two purposes. Firstly, the modeling capabilities of our logical language are enhanced by
real-valued constant symbols of which the exact value is not predetermined. Secondly, in Section [6] we
outline a technique which allows us to soften our requirements towards the syntax a bit so that
ground non-constant terms $s$ of the base sort become admissible in addition to constant symbols
and variables. The method has already been described in [KW12] under the name basification
and introduces defining unit clauses such as $c = s$ where $c$ is a fresh Skolem constant and $s$ is a
variable-free term.

In fact, we introduce even more Skolem constants by adding the set $\Omega^{\alpha}_{LA}$ to the base signature.
For notational convenience, we syntactically distinguish this special kind of base-sort constant
symbols $\alpha_t$, $t$ being of the form $-\infty$ or $d + \varepsilon$ for arbitrary base-sort constant symbols $d \in \Omega_{LA}$.
These will play a key role when we instantiate base-sort variables later on. We associate an
inherent meaning with constant symbols $\alpha_t$ that will be formalized by means of special axioms.

We hierarchically extend the base specification $(\Sigma_{LA}, \mathfrak{M})$ by the free sort $\mathcal{S}$ and finite sets
$\Omega$ and $\Pi$ of free constant symbols and free predicate symbols, respectively, each equipped with
appropriate sort information. We use the symbol $\approx$ to denote the built-in equality predicate on
$\mathcal{S}$. To avoid confusion, we assume each constant or predicate symbol to occur in at most one of
the sets $\Omega_{LA}$, $\Omega^{\alpha}_{LA}$, $\Pi_{LA}$, $\Omega$, $\Pi$ and that none of these sets contains the $\approx$ symbol. In the light of
sorted terms we consider two disjoint countably infinite sets of variables $V_{\mathcal{R}}$ - the variables of the
base sort, usually denoted $x, y, z$ - and $V_{\mathcal{S}}$ - the free-sort variables, usually denoted $u, w$.

Definition 1 (BSR Clause Fragment with Simple Bounds). 

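Let $(\{\mathcal{R}, \mathcal{S}\}, \Omega, \Pi)$ be a signature such that $\Omega$ exclusively contains constant symbols $c$ of the
free sort and no function symbols of greater arity, and such that for every predicate symbol
$P : \xi_1 \times \ldots \times \xi_m \in \Pi$ and every argument position $i \leq m$ it holds $\xi_i \in \{\mathcal{R}, \mathcal{S}\}$.

An atomic constraint is of the form $c \triangleleft d$ or $x \triangleleft d$ or $\alpha_t \triangleleft d$ or $x = \alpha_t$ or $\alpha_t = \alpha_{t'}$ with $c, d \in \Omega_{LA}$,
$x \in V_{\mathcal{R}}$, $\alpha_t, \alpha_{t'} \in \Omega^{\alpha}_{LA}$ and $\triangleleft \in \{<, \leq, =, \neq, \geq, >\}$.

A free atom $A$ is either of the form $s \approx s'$ with $s$, $s'$ being free-sort constant symbols in $\Omega$ or
free-sort variables in $V_{\mathcal{S}}$, respectively, or $A$ is of the form $P(s_1, \ldots, s_m)$, where $P : \xi_1 \times \ldots \times \xi_m \in \Pi$
is an $m$-ary predicate symbol. For each $i \leq m$ the term $s_i$ shall be of the sort $\xi_i$. If $\xi_i = \mathcal{R}$, then
$s_i$ must be a variable $x \in V_{\mathcal{R}}$, and in case of $\xi_i = \mathcal{S}$, $s_i$ may be a variable $u \in V_{\mathcal{S}}$ or a constant
symbol $c : \mathcal{S} \in \Omega$.

A clause has the form $\Lambda \| \Gamma \rightarrow \Delta$, where $\Lambda$ is a multiset of atomic constraints, and $\Gamma$ and $\Delta$
are multisets of free atoms. We usually refer to $\Lambda$ as the constraint part and to $\Gamma \rightarrow \Delta$ as the free
part of the clause.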

We conveniently denote the union of two multisets $\Theta$ and $\Theta'$ by juxtaposition $\Theta, \Theta'$. Moreover,
we often write $\Theta, A$ as an abbreviation for the multiset union $\Theta \cup \{A\}$. In our clause notation
empty multisets are usually omitted left of "$\rightarrow$" and denoted by $\Box$ right of "$\rightarrow$" (where $\Box$ at the
same time stands for falsity).

Intuitively, clauses $\Lambda \| \Gamma \rightarrow \Delta$ can be read as $(\bigwedge \Lambda \wedge \bigwedge \Gamma) \rightarrow \bigvee \Delta$. Put into words, the multiset
$\Lambda$ stands for a conjunction of all atomic constraints it contains, $\Gamma$ stands for a conjunction of the
free atoms in it and $\Delta$ stands for a disjunction of the contained free atoms. All occurring variables
are implicitly universally quantified. Requiring the free part $\Gamma \rightarrow \Delta$ of clauses to not contain
any base-sort constant symbols does not pose any restriction to expressiveness. Every base-sort
constant symbol $c$ in the free part can safely be replaced by a fresh base-sort variable $x_c$ when
an atomic constraint $x_c = c$ is added to the constraint part of the clause (a process known as
purification, cf. [BGW94, KW12]).

In the rest of the paper we omit the phrase “over the BSR fragment with simple bounds” 
when talking about clauses and clause sets, although we mainly restrict our considerations to this 
fragment. 

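A hierarchic interpretation over the hierarchic specification $((\Sigma_{LA}, \mathfrak{M}), (\{\mathcal{S}, \mathcal{R}\}, \Omega, \Pi))$ is an
algebra $\mathcal{A}$ which extends a model $\mathcal{M} \in \mathfrak{M}$, i.e. $\mathcal{A}$ and $\mathcal{M}$ interpret the base sort and all constant
and predicate symbols in $\Omega_{LA} \cup \Omega^{\alpha}_{LA}$ and $\Pi_{LA}$ in exactly the same way. Moreover, $\mathcal{A}$ comprises a
nonempty domain $\mathcal{S}^{\mathcal{A}}$, assigns to each constant symbol $c : \mathcal{S}$ in $\Omega$ a domain element $c^{\mathcal{A}} \in \mathcal{S}^{\mathcal{A}}$ and
interprets every predicate symbol $P : \xi_1 \times \ldots \times \xi_m \in \Pi$ by a set $P^{\mathcal{A}} \subseteq \xi_1^{\mathcal{A}} \times \ldots \times \xi_m^{\mathcal{A}}$. Summing up,
$\mathcal{A}$ extends the standard model of linear arithmetic and adopts the standard approach to semantics
of (sorted) first-order logics when interpreting the free part of clauses.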

Given a hierarchic interpretation $\mathcal{A}$, a variable assignment is a sort-respecting total mapping
$\beta : V_{\mathcal{R}} \cup V_{\mathcal{S}} \rightarrow \mathbb{R} \cup \mathcal{S}^{\mathcal{A}}$ so that $\beta(x) \in \mathbb{R}$ for every variable $x \in V_{\mathcal{R}}$ and $\beta(u) \in \mathcal{S}^{\mathcal{A}}$ for every $u \in V_{\mathcal{S}}$.
We write $\mathcal{A}(\beta)(s)$ to mean the value of the term $s$ under $\mathcal{A}$ with respect to the variable assignment
$\beta$. In accordance with the notation used so far, we thus define $\mathcal{A}(\beta)(v) := \beta(v)$ for every variable
$v$ and $\mathcal{A}(\beta)(c) := c^{\mathcal{A}}$ for every constant symbol $c$. As usual, we use the symbol $\models$ to denote truth
under a hierarchic interpretation $\mathcal{A}$, possibly with respect to a variable assignment $\beta$. In detail, we
have the following for atomic constraints, equational and nonequational free atoms and clauses,
respectively:

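• $\mathcal{A}, \beta \models s \triangleleft s'$ if and only if $\mathcal{A}(\beta)(s) \triangleleft \mathcal{A}(\beta)(s')$,

• $\mathcal{A}, \beta \models s \approx s'$ if and only if $\mathcal{A}(\beta)(s) = \mathcal{A}(\beta)(s')$,

• $\mathcal{A}, \beta \models P(s_1, \ldots, s_m)$ if and only if
$(\mathcal{A}(\beta)(s_1), \ldots, \mathcal{A}(\beta)(s_m)) \in P^{\mathcal{A}}$,

• $\mathcal{A}, \beta \models \Lambda \| \Gamma \rightarrow \Delta$ if and only if

  - $\mathcal{A}, \beta \not\models s \triangleleft s'$ for some atomic constraint $(s \triangleleft s') \in \Lambda$,

  - $\mathcal{A}, \beta \not\models A$ for some free atom $A \in \Gamma$, or

  - $\mathcal{A}, \beta \models B$ for some free atom $B \in \Delta$.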

The variables occurring in clauses shall be universally quantified. Therefore, given a clause $C$, we
call $\mathcal{A}$ a hierarchic model of $C$, denoted $\mathcal{A} \models C$, if and only if $\mathcal{A}, \beta \models C$ holds for every variable
assignment $\beta$. For clause sets $N$, we say $\mathcal{A}$ is a hierarchic model of $N$, also denoted $\mathcal{A} \models N$, if
and only if $\mathcal{A}$ is a model of all clauses in $N$. We call a clause $C$ (a clause set $N$) satisfiable w.r.t.
$\mathfrak{M}$ if and only if there exists a hierarchic model $\mathcal{A}$ of $C$ (of $N$). Most of the time, we will omit
the explicit reference to $\mathfrak{M}$, although we shall only consider models as satisfying that extend the
standard model of linear real arithmetic.

From now on, we implicitly base all further considerations on a hierarchic specification
$((\Sigma_{LA}, \mathfrak{M}), (\{\mathcal{S}, \mathcal{R}\}, \Omega, \Pi))$ whose extension part $(\{\mathcal{S}, \mathcal{R}\}, \Omega, \Pi)$ fulfills the requirements stipulated
in Definition [1] and which we simply take for granted. Often the sets $\Omega_{LA} \setminus \mathbb{R}$, $\Omega$ and $\Pi$ will coincide
with the constant and predicate symbols that occur in a given clause set, and we thus assume a
proper definition of the hierarchic specification.

Substitutions $\sigma$ shall be defined in the standard way as sort-respecting mappings from variables
to terms over our underlying signature. The restriction of the domain of a substitution $\sigma$ to a
set $V$ of variables is denoted by $\sigma|_V$ and shall be defined so that $v\sigma|_V := v\sigma$ for every $v \in V$
and $v\sigma|_V = v$ for every $v \notin V$. While the application of a substitution $\sigma$ to terms, atoms and
multisets thereof can be defined as usual, we need to be more specific for clauses. Consider a
clause $C = \Lambda \| \Gamma \rightarrow \Delta$ and let $x_1, \ldots, x_k$ denote all base-sort variables occurring in $C$ for which
$x_i\sigma \neq x_i$. We then set $C\sigma := \Lambda\sigma, x_1 = x_1\sigma, \ldots, x_k = x_k\sigma \;\|\; (\Gamma \rightarrow \Delta)\sigma|_{V_{\mathcal{S}}}$. Simultaneous
substitution of $k > 1$ distinct variables $v_1, \ldots, v_k$ with terms $s_1, \ldots, s_k$ shall be denoted in vector
notation $[v_1, \ldots, v_k / s_1, \ldots, s_k]$ (or $[\bar{v} / \bar{s}]$ for short), where we require every $s_i$ to be of the same
sort as $v_i$, of course.

Consider a clause $C$ and let $\sigma$ be an arbitrary substitution. The clause $C\sigma$ and
variable-renamed variants thereof are called instances of $C$. A term $s$ is called ground, if it does not
contain any variables. A clause $C$ shall be called essentially ground if it does not contain free-sort
variables and for every base-sort variable $x$ occurring in $C$, there is an atomic constraint $x = d$ in
$C$ for some constant symbol $d \in \Omega_{LA} \cup \Omega^{\alpha}_{LA}$. A clause set $N$ is essentially ground if all the clauses
it contains are essentially ground.

We can restrict the syntactic form of clauses even further without limiting expressiveness. 

Definition 2 (Normal Form of Clauses and Clause Sets). A clause $\Lambda \| \Gamma \rightarrow \Delta$ is in normal form
if all base-sort variables which occur in $\Lambda$ do also occur in $\Gamma \rightarrow \Delta$. A clause set $N$ over the BSR
fragment with simple bounds is in normal form if all clauses in $N$ are in normal form and pairwise
variable disjoint.

Let us briefly clarify why the above requirement on clauses does not limit expressiveness.
Any base-sort variable $x$ not fulfilling the stated requirement can be removed from the clause
$\Lambda \| \Gamma \rightarrow \Delta$ by existential quantifier elimination methods that transform $\Lambda$ into an equivalent
constraint $\Lambda'$ in which $x$ does not occur.¹ Moreover, $\Lambda'$ can be constructed in such a way that it
contains only atomic constraints of the form admitted in Definition [1] and so that no variables or
constant symbols other than the ones in $\Lambda$ are necessary.

Given a clause set $N$, we will use the following notation: the set of all constant symbols
occurring in $N$ shall be denoted by $\mathrm{consts}(N)$. While the set $\mathrm{bconsts}(N)$ exclusively contains all
base-sort constant symbols from $\Omega_{LA}$ that occur in $N$, all base-sort constant symbols $\alpha_t$ appearing
in $N$ shall be collected in the set $\mathrm{aconsts}(N) := \mathrm{consts}(N) \cap \Omega^{\alpha}_{LA}$. The set of all free-sort constant
symbols in $N$ is called $\mathrm{fconsts}(N)$. Altogether, the sets $\mathrm{bconsts}(N)$, $\mathrm{aconsts}(N)$ and $\mathrm{fconsts}(N)$
form a partitioning of $\mathrm{consts}(N)$ for every clause set $N$. We moreover denote the set of
all variables occurring in a clause $C$ (clause set $N$) by $\mathrm{vars}(C)$ ($\mathrm{vars}(N)$).

¹ Methods for the elimination of existentially quantified real variables include Fourier-Motzkin variable
elimination [DE73], the Loos-Weispfenning procedure [LW93] and many others, see e.g. Chapter 5 in [KS08] for further
details.


3 Instantiation of Base-Sort Variables 

We first summarize the overall approach described in this section in an intuitive way. To keep the
informal exposition simple, we pretend that all base-sort constant symbols are taken from $\mathbb{R}$ and
thus are interpreted by their canonical value in all hierarchic interpretations. Consequently, we
can speak of real values instead of constant symbols, and even refer to improper values such as
$-\infty$ (a "sufficiently small" real value) and $r + \varepsilon$ (a real value "slightly larger than $r$ but not too
large"). A formal treatment with proper definitions will follow.

Given a finite clause set $N$, we aim at partitioning the reals $\mathbb{R}$ into finitely many partitions so
that whenever $N$ is satisfiable, there exists a hierarchic model $\mathcal{A}$ of $N$

($\star$) whose interpretation of predicate symbols does not distinguish between values within the
same partition.

As soon as we found such a finite partitioning $\mathcal{P}$, we pick one real value $r_p \in p$ as representative from
every partition $p \in \mathcal{P}$. The following observation motivates why we can use those representatives
instead of using universally quantified variables: given a clause $C$ that contains a base-sort variable
$x$, and given a set $\{c_1, \ldots, c_k\}$ of constant symbols such that $\{c_1^{\mathcal{A}}, \ldots, c_k^{\mathcal{A}}\} = \{r_p \mid p \in \mathcal{P}\}$ it holds



(1) 


The equivalence claims that we can transform universal quantification over the base domain
into finite conjunction over all representatives of partitions in $\mathcal{P}$. The formal version of this
statement is given in Lemma ITTfl and we will see that hierarchic models complying with property
($\star$) play a key role in its proof. Since $\mathcal{P}$ is supposed to be finite, the resulting set of instances
$\{C[x / c_i] \mid 1 \leq i \leq k\}$ is finite, too.

It turns out that the notion of elimination sets described by Loos and Weispfenning in [LW93]
(in the context of quantifier elimination for linear arithmetic) can be adapted to yield reasonable
sets of representatives from which we can construct a finite partitioning exhibiting the described
characteristics. In this case the partitions are intervals on the real axis. Intuitively speaking, we
start with the partitioning $\mathcal{P}_0$ consisting of a single partition $\mathcal{P}_0 = \{(-\infty, +\infty)\}$. This initial
partition shall be represented by $-\infty$ (the "default representative"). We then successively extract
from the given clause set $N$ larger and larger points $r$ on the real axis at which we have to introduce
a new boundary, cut off the interval that is currently unbounded from above at that boundary and
introduce the cut-off part as a new interval to the partitioning. For instance, an interval $[r', +\infty)$
might be cut into two parts $[r', r]$ and $(r, +\infty)$ for some point $r > r'$. Both parts become then
new partitions in the partitioning and while the interval $[r', r]$ will be represented by $r'$, the other
partition $(r, +\infty)$ will have $r + \varepsilon$ as its representative. At the end of this process the overall result
will be a finite partitioning of the real numbers with the desired properties.

In fact, we will operate on a more fine-grained level than described so far, as we define such
partitionings independently for certain groups of base-sort variables. The possible benefit may be
a significant decrease in the number of necessary instances. But there is even more potential for
savings. The complete line of definitions and arguments will be laid out in detail for one direction
of instantiation along the real axis, namely in the positive direction starting from $-\infty$ and going on
to larger and larger instantiation points. However, one could as well proceed in the opposite way,
starting from $+\infty$ and becoming smaller and smaller thereafter. While theoretically this duality
is not worth much more than a side note, it appears to be quite interesting from a practical point
of view. As it turns out, one can choose the direction of instantiation independently for each
base-sort variable that needs to be instantiated. Hence, one could always pick the direction that
results in fewer instantiation points. Such a strategy might again considerably cut down the number
of instances in the resulting clause set and therefore might lead to shorter processing times when
applying automated reasoning procedures.

Formally, the aforementioned representatives are induced by constant symbols when interpreted
under a hierarchic interpretation. Independently of any interpretation these constant symbols will
serve as symbolic instantiation points, i.e. they will be used to instantiate base-sort variables
similar to the $c_i$ in equivalence (1). We start off by defining the set of instantiation points that
need to be considered for every base-sort variable. This set depends on the constraints affecting
such a variable. However, we first need to develop a proper notion of what it means for a base-sort
variable to be affected by a constraint. The following example shall illustrate the involved issues.

Example 3. Consider the following clauses:

$x_1 \neq -5 \;\|\; \rightarrow T(x_1), Q(x_1, x_2)$,

$y_1 < 2,\ y_2 < 0 \;\|\; \rightarrow Q(y_1, y_2)$,

$z_1 > 6 \;\|\; T(z_1) \rightarrow \Box$.

Obviously, the variables $x_1$, $y_1$, $y_2$ and $z_1$ are affected by the constraints in which they occur
explicitly. In the given clauses variables are just names addressing argument positions of predicate
symbols. Thus, it is more suitable to speak of the argument position $\langle T, 1 \rangle$ instead of variables
$x_1$ and $z_1$ that occur as the first argument of predicate symbol $T$ in the first and third clause.
Speaking in such terms, argument position $\langle T, 1 \rangle$ is directly affected by the constraints $x_1 \neq -5$
and $z_1 > 6$, argument position $\langle Q, 1 \rangle$ is directly affected by $x_1 \neq -5$ and $y_1 < 2$, and finally $\langle Q, 2 \rangle$
is affected by $y_2 < 0$. As soon as we take logical consequences into account, the notion of "being
affected" needs to be extended. The above clause set, for instance, logically entails the clause
$x > 6 \;\|\; \rightarrow Q(x, y)$. Hence, although not directly affected by the constraint $z_1 > 6$ in the clause
set, the argument position $\langle Q, 1 \rangle$ is still indirectly subject to this constraint. The source of this
effect lies in the first clause as it establishes a connection between argument positions $\langle T, 1 \rangle$ and
$\langle Q, 1 \rangle$ via the simultaneous occurrence of variable $x_1$ in both argument positions.

One lesson learned from the example is that argument positions can be connected by variable
occurrences. Such links in a clause set $N$ shall be expressed by the relation $\rightleftharpoons_N$.

Definition 4 (Connections between Argument Positions). Let $N$ be a clause set in normal form.
We define the relation $\rightleftharpoons_N$ to be the smallest equivalence relation over pairs in $\Pi \times \mathbb{N}$ such
that $\langle Q, j \rangle \rightleftharpoons_N \langle P, i \rangle$ whenever there is a clause in $N$ containing free atoms $Q(\ldots, v, \ldots)$ and
$P(\ldots, v, \ldots)$ in which the variable $v$ occurs at the $j$-th and $i$-th argument position, respectively.
(Note that $Q = P$ or $j = i$ is possible.)

The relation $\rightleftharpoons_N$ induces the set $\{[\langle P, i \rangle]_{\rightleftharpoons_N} \mid P/m \in \Pi, 1 \leq i \leq m\}$ of equivalence classes.
To simplify notation a bit, we write $[\langle P, i \rangle]$ instead of $[\langle P, i \rangle]_{\rightleftharpoons_N}$ when the set $N$ is clear from the
context.

As we have argued earlier, it is more precise to speak of argument positions rather than 
variables, since their names are of no particular relevance. Nevertheless, variable names are a 
syntactical necessity. The following definition is supposed to provide a means to address the 
argument position class a variable stands for. 

Definition 5 (Argument Position Class). Let $N$ be a clause set in normal form. Consider a
variable $v$ that occurs at the $i$-th argument position of a free atom $P(\ldots, v, \ldots)$ in $N$. We denote
the equivalence class of argument positions $v$ is related to in $N$ by $\mathrm{ap}_N(v)$, i.e. $\mathrm{ap}_N(v) := [\langle P, i \rangle]_{\rightleftharpoons_N}$.
If $v$ is a free-sort variable that exclusively occurs in equations $v \approx s$ in $N$, we set $\mathrm{ap}_N(v) := \emptyset$.

There is a crucial subtlety in this definition that guarantees well-definedness, namely that the
clauses in $N$ are variable disjoint. Given a clause $C \in N$ and a variable $v$ which occurs in different
argument positions $\langle Q, j \rangle$ and $\langle P, i \rangle$ in $C$, the definition of $\rightleftharpoons_N$ entails $\langle Q, j \rangle \rightleftharpoons_N \langle P, i \rangle$. Therefore,
$[\langle Q, j \rangle]$ and $[\langle P, i \rangle]$ are identical. Since $v$ does not occur in any other clause in $N$, the class $\mathrm{ap}_N(v)$
is well-defined to be $[\langle P, i \rangle]$.

Next, we collect the instantiation points that are necessary to eliminate base-sort variables by
means of finite instantiation. In order to do this economically, we rely on the same idea that also
keeps elimination sets in [LW93] comparatively small.

Definition 6 (Instantiation Points for Base-Sort Argument Positions). Let $N$ be a clause set
in normal form and let $P : \xi_1 \times \ldots \times \xi_m \in \Pi$ be a free predicate symbol occurring in $N$. Let
$J := \{i \mid \xi_i = \mathcal{R}, 1 \leq i \leq m\}$ be the indices of $P$'s base-sort arguments. For every $i \in J$, we define
$\mathcal{I}_{P,i,N}$ to be the smallest set fulfilling

(i) $d \in \mathcal{I}_{P,i,N}$ if there exists a clause $C$ in $N$ containing an atom $P(\ldots, x, \ldots)$ in which $x$ occurs
as the $i$-th argument and a constraint $x = d$ or $x \geq d$ with $d \in \Omega_{LA}$ appears in $C$, and

(ii) $\alpha_{d+\varepsilon} \in \mathcal{I}_{P,i,N}$ if there exists a clause $C$ in $N$ containing an atom of the form $P(\ldots, x, \ldots)$,
in which $x$ is the $i$-th argument and a constraint of the form $x \neq d$ or $x > d$ or $x = \alpha_{d+\varepsilon}$
with $d \in \Omega_{LA}$ appears in $C$.


The most apparent peculiarity about this definition is that atomic constraints of the form $x < d$
and $x \leq d$ are completely ignored when collecting instantiation points for $x$'s argument position.
First of all, this is one of the aspects that makes this definition interesting from the efficiency point
of view, because the number of instances that we have to consider might decrease considerably
in this way. To develop an intuitive understanding why it is enough to consider constraints $x \triangleleft d$
with $\triangleleft \in \{=, \neq, \geq, >\}$ when collecting instantiation points, the following example may help.


Example 7. Consider two clauses $C = x > 2, x \leq 5 \;\|\; \rightarrow T(x)$ and $D = x < 0 \;\|\; T(x) \rightarrow \Box$.
Recall that we are looking for a finite partitioning $\mathcal{P}$ of $\mathbb{R}$ so that we can construct a hierarchic
model $\mathcal{A}$ of the clause set $\{C, D\}$ that complies with ($\star$), i.e. for every partition $p \in \mathcal{P}$ and
arbitrary real values $r_1, r_2 \in p$ it shall hold $r_1 \in T^{\mathcal{A}}$ if and only if $r_2 \in T^{\mathcal{A}}$. Of course, there exist
infinitely many candidates for $\mathcal{P}$. A natural one is $\{(-\infty, 0), [0, 2], (2, 5], (5, +\infty)\}$ which takes
every atomic constraint in $C$ and $D$ into account. Correspondingly, we find a candidate predicate
for $T^{\mathcal{A}}$, namely the interval $(2, 5]$, so that $\mathcal{A}$ is a hierarchic model of $C$ and $D$ alike and it obeys
($\star$) with respect to the proposed partitioning $\mathcal{P}$.

But there are other interesting possibilities, too, for instance, the more coarse-grained
partitioning $\{(-\infty, 2], (2, +\infty)\}$ together with the predicate $T^{\mathcal{A}} = (2, +\infty)$. This latter candidate
partitioning completely ignores the constraints $x < 0$ and $x \leq 5$ that constitute upper bounds
on $x$. Dually, we could have concentrated on the upper bounds instead (completely ignoring the
lower bounds). This would have led to the partitioning $\{(-\infty, 0), [0, 5], (5, +\infty)\}$ and candidate
predicates $T^{\mathcal{A}} = [0, 5]$ (or $T^{\mathcal{A}} = [0, +\infty)$). Both ways are possible, but the first one induces a
simpler partitioning.


The example has revealed quite some freedom in choosing an appropriate partitioning of the 
reals. A larger number of partitions directly leads to a larger number of representatives (one 
for each interval). In fact, we use the collected instantiation points as representatives and taken 
together they induce the partitioning (as we will see in the next definition). It is due to this direct 
correspondence of partitions and instantiation points that a more fine-grained partitioning entails 
a larger number of instances that need to be considered. Hence, regarding efficiency, it is of high 
interest to keep the partitioning coarse. 

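Definition 8 (Instantiation Points for Argument Position Classes and Induced Partitioning of
$\mathbb{R}$). Let $N$ be a clause set in normal form and let $\mathcal{A}$ be a hierarchic interpretation (over the same
signature). For every equivalence class $[\langle P, i\rangle]$ induced by $\rightleftharpoons_N$ we define the following:

The set $\mathcal{I}_{[\langle P,i\rangle],N}$ of instantiation points for $[\langle P, i\rangle]$ is defined by

\[
\mathcal{I}_{[\langle P,i\rangle],N} := \{\alpha_{-\infty}\} \cup \bigcup_{\langle Q,j\rangle \in [\langle P,i\rangle]} \mathcal{I}_{Q,j,N} .
\]

The sequence $r_1, \ldots, r_k$ shall comprise all real values in the set
$\{ c^{\mathcal{A}} \mid c \in \mathcal{I}_{[\langle P,i\rangle],N} \cap \Omega_{LA} \text{ or } \alpha_{c+\varepsilon} \in \mathcal{I}_{[\langle P,i\rangle],N} \}$
ordered so that $r_1 < \ldots < r_k$.

Given a real number $r$, we say $\mathcal{I}_{[\langle P,i\rangle],N}$ $\mathcal{A}$-covers $r$ if there exists an instantiation point
$c \in \mathcal{I}_{[\langle P,i\rangle],N} \cap \Omega_{LA}$ with $c^{\mathcal{A}} = r$; analogously $(r + \varepsilon)$ is $\mathcal{A}$-covered by
$\mathcal{I}_{[\langle P,i\rangle],N}$ if there is an instantiation point $\alpha_{c+\varepsilon} \in \mathcal{I}_{[\langle P,i\rangle],N}$ with $c^{\mathcal{A}} = r$.

The partitioning $\mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$ of the reals into finitely many intervals shall be the smallest
partitioning (smallest w.r.t. the number of partitions) fulfilling the following requirements:

(i) If $r_1$ is $\mathcal{A}$-covered by $\mathcal{I}_{[\langle P,i\rangle],N}$, then $(-\infty, r_1) \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$; otherwise,
$(-\infty, r_1] \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$.

(ii) For every $j$, $1 \leq j \leq k$, if $r_j$ and $r_j + \varepsilon$ are both $\mathcal{A}$-covered by $\mathcal{I}_{[\langle P,i\rangle],N}$, then
$[r_j, r_j] = \{r_j\} \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$.

(iii) For every $\ell$, $1 \leq \ell < k$,

(iii.i) if $r_\ell + \varepsilon$ and $r_{\ell+1}$ are both $\mathcal{A}$-covered by $\mathcal{I}_{[\langle P,i\rangle],N}$, then $(r_\ell, r_{\ell+1}) \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$,

(iii.ii) if $r_\ell + \varepsilon$ is $\mathcal{A}$-covered by $\mathcal{I}_{[\langle P,i\rangle],N}$ but $r_{\ell+1}$ is not, then $(r_\ell, r_{\ell+1}] \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$,

(iii.iii) if $r_\ell + \varepsilon$ is not $\mathcal{A}$-covered by $\mathcal{I}_{[\langle P,i\rangle],N}$ but $r_{\ell+1}$ is, then $[r_\ell, r_{\ell+1}) \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$,

(iii.iv) if neither $r_\ell + \varepsilon$ nor $r_{\ell+1}$ is $\mathcal{A}$-covered by $\mathcal{I}_{[\langle P,i\rangle],N}$, then $[r_\ell, r_{\ell+1}] \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$.

(iv) If $r_k + \varepsilon$ is $\mathcal{A}$-covered by $\mathcal{I}_{[\langle P,i\rangle],N}$, then $(r_k, +\infty) \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$; otherwise
$[r_k, +\infty) \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$.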

Please note that partitionings as described in the definition do always exist, and do not contain
empty partitions. Moreover, it is worth noticing that for all instantiation points $c$ and $\alpha_{c+\varepsilon}$ in a
set $\mathcal{I}_{Q,j,N}$ we have $c \in \Omega_{LA}$. Hence, the concrete values assigned to constant symbols $\alpha_t$ do not
contribute to the respective partitionings of $\mathbb{R}$.

We now fix the semantics of constant symbols $\alpha_t$ by giving appropriate axioms that make
precise what it means for $\alpha_{-\infty}$ to be “small enough” and for $\alpha_{c+\varepsilon}$ to be “a little larger than $c$ but
not too large” under any hierarchic model $\mathcal{A}$ that satisfies the corresponding axioms.

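Definition 9 (Axioms for Instantiation Points $\alpha_t$). Let $\mathcal{I}$ be a set of instantiation points and
$C \subseteq \Omega_{LA}$ be a set of base-sort constant symbols. We define the set of axioms

\[
\begin{aligned}
\mathrm{Ax}_{\mathcal{I},C} := {} & \{\alpha_{-\infty} < c \mid \alpha_{-\infty} \in \mathcal{I} \text{ and } c \in C\} \cup \{d < \alpha_{d+\varepsilon} \mid \alpha_{d+\varepsilon} \in \mathcal{I}\} \\
& \cup \{d < c \to \alpha_{d+\varepsilon} < c \mid \alpha_{d+\varepsilon} \in \mathcal{I} \text{ and } c \in C \setminus \{d\}\} \\
& \cup \{d = c \to \alpha_{d+\varepsilon} = \alpha_{c+\varepsilon} \mid \alpha_{d+\varepsilon} \in \mathcal{I} \text{ and } c \in C \setminus \{d\}\} .
\end{aligned}
\]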

The axioms we just introduced are clearly not in the admissible clause form. But they can 
easily be transformed into proper clauses with empty free parts. For convenience, we stick to the 
notation given here, but keep in mind that formally the axioms have a form in accordance with 
Definition [0 

The following proposition shows that every hierarchic interpretation can be turned into a model
of a given set of axioms of the above shape by modifying the values assigned to constant symbols
$\alpha_t$. The proposition relies on three facts concerning the ordering $(\mathbb{R}, <)$: totality of $<$, the lack of
minimal and maximal elements, and the density of $(\mathbb{R}, <)$, i.e. for arbitrary reals $r_1 < r_2$ there is
an $r'$ between them.

Proposition 10. Let $\mathcal{I}$ be a nonempty set of instantiation points and let $C$ be a nonempty set
of base-sort constant symbols from $\Omega_{LA}$. Given an arbitrary hierarchic interpretation $\mathcal{A}$, we can
construct a hierarchic model $\mathcal{B}$ so that $\mathcal{B} \models \mathrm{Ax}_{\mathcal{I},C}$ and $\mathcal{B}$ and $\mathcal{A}$ differ only in the interpretation
of the constant symbols in $\alpha\mathrm{consts}(\mathrm{Ax}_{\mathcal{I},C})$.

Proof. The model $\mathcal{B}$ can be derived from $\mathcal{A}$ by redefining the interpretation of all constant symbols
$\alpha_t \in \mathcal{I}$ as follows:

\[
\begin{aligned}
\alpha_{-\infty}^{\mathcal{B}} &:= \min\{c^{\mathcal{A}} \mid c \in C\} - 1 , \\
\alpha_{d+\varepsilon}^{\mathcal{B}} &:= \tfrac{1}{2}\bigl(d^{\mathcal{A}} + \min\bigl(\{c^{\mathcal{A}} \mid c \in C,\ c^{\mathcal{A}} > d^{\mathcal{A}}\} \cup \{d^{\mathcal{A}} + 1\}\bigr)\bigr) .
\end{aligned}
\]

Everything else is taken over from $\mathcal{A}$. □

Previously, we have been speaking of representatives of partitions $p$ in a partitioning $\mathcal{P}$ of the
reals. As far as we know by now, these are just real values $r_p \in p$ from the specific interval they
represent. The next lemma shows that we can find constant symbols $c_p$ in the set of instantiation
points to address them. Furthermore, we will see where the values of these constant symbols lie
within the respective interval.

In order to have a compact notation at hand when doing case distinctions on intervals, we use
“$(\cdot$” to stand for “(” as well as for “[”. Analogously, “$\cdot)$” is used to address the two cases “)” and
“]” at the same time.

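Lemma 11. Let $N$ be a clause set in normal form and let $\mathcal{A}$ be a hierarchic model of
$\mathrm{Ax}_{\mathcal{I}_{[\langle P,i\rangle],N},\,\mathrm{bconsts}(N)}$ for an arbitrary argument position pair $\langle P, i\rangle$. For every partition
$p \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$ we find some constant symbol $c_{[\langle P,i\rangle],p} \in \mathcal{I}_{[\langle P,i\rangle],N}$ so that
$c^{\mathcal{A}}_{[\langle P,i\rangle],p} \in p$ and

(i) if $p = (-\infty, r_u \cdot)$ or $p = (-\infty, +\infty)$, then $c^{\mathcal{A}}_{[\langle P,i\rangle],p} < d^{\mathcal{A}}$ for every $d \in \mathrm{bconsts}(N)$,

(ii) if $p = [r_\ell, r_u \cdot)$ or $p = [r_\ell, +\infty)$, then $c^{\mathcal{A}}_{[\langle P,i\rangle],p} = r_\ell$,

(iii) if $p = (r_\ell, r_u \cdot)$ or $p = (r_\ell, +\infty)$, then $r_\ell < c^{\mathcal{A}}_{[\langle P,i\rangle],p}$ and $c^{\mathcal{A}}_{[\langle P,i\rangle],p} < d^{\mathcal{A}}$ for every
$d \in \mathrm{bconsts}(N)$ with $r_\ell < d^{\mathcal{A}}$.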


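Proof. We proceed by case distinction on the form of the partition $p$.

Case $p = (-\infty, r_u \cdot)$ for some real value $r_u$. By construction of $\mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$ there is a constant
symbol $e \in \mathrm{bconsts}(N)$ so that $e^{\mathcal{A}} = r_u$. Moreover, we find the instantiation point $\alpha_{-\infty}$
in $\mathcal{I}_{[\langle P,i\rangle],N}$ and thus $\mathrm{Ax}_{\mathcal{I}_{[\langle P,i\rangle],N},\,\mathrm{bconsts}(N)}$ contains the axiom $\alpha_{-\infty} < d$ for every constant
symbol $d \in \mathrm{bconsts}(N)$, in particular $\alpha_{-\infty} < e$. Hence, $\alpha_{-\infty}^{\mathcal{A}} \in (-\infty, r_u)$.

Case $p = (-\infty, +\infty)$. We find the instantiation point $\alpha_{-\infty}$ in $\mathcal{I}_{[\langle P,i\rangle],N}$, and obviously
$\alpha_{-\infty}^{\mathcal{A}}$ lies in $p$. Moreover, $\mathrm{Ax}_{\mathcal{I}_{[\langle P,i\rangle],N},\,\mathrm{bconsts}(N)}$ contains the axiom $\alpha_{-\infty} < d$ for every
constant symbol $d \in \mathrm{bconsts}(N)$.

Case $p = [r_\ell, r_u \cdot)$ for real values $r_\ell, r_u$ with $r_\ell \leq r_u$.

If $p$ is a point interval $[r_\ell, r_\ell]$, then we find a constant symbol $e \in \mathcal{I}_{[\langle P,i\rangle],N} \cap \Omega_{LA}$ so that
$p = \{e^{\mathcal{A}}\}$.

If $p$ is not a point interval, i.e. $r_\ell < r_u$, then the definition of $\mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$ entails the existence
of a constant symbol $e \in \mathrm{bconsts}(N)$ such that $e^{\mathcal{A}} = r_\ell$ and either $e \in \mathcal{I}_{[\langle P,i\rangle],N}$ or
$\alpha_{e+\varepsilon} \in \mathcal{I}_{[\langle P,i\rangle],N}$. But since the partition $p$ is not a point interval, $r_\ell + \varepsilon$ cannot be
$\mathcal{A}$-covered by $\mathcal{I}_{[\langle P,i\rangle],N}$ and thus $\alpha_{e+\varepsilon}$ cannot be in $\mathcal{I}_{[\langle P,i\rangle],N}$. Consequently, $e$ must be
in $\mathcal{I}_{[\langle P,i\rangle],N}$ and we can choose $c_{[\langle P,i\rangle],p} := e$.

The case of $p = [r_\ell, +\infty)$ can be argued analogously to the previous case.

Case $p = (r_\ell, r_u \cdot)$ for real values $r_\ell, r_u$ with $r_\ell < r_u$.

By construction of $\mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$, we find some instantiation point $\alpha_{e+\varepsilon} \in \mathcal{I}_{[\langle P,i\rangle],N}$ so that
$e^{\mathcal{A}} = r_\ell$. Moreover, there exists a second constant symbol $e' \in \mathrm{bconsts}(N)$ for which
$e'^{\mathcal{A}} = r_u$. As a consequence of $\alpha_{e+\varepsilon} \in \mathcal{I}_{[\langle P,i\rangle],N}$ the set $\mathrm{Ax}_{\mathcal{I}_{[\langle P,i\rangle],N},\,\mathrm{bconsts}(N)}$ contains the
axioms $e < \alpha_{e+\varepsilon}$ and $e < d \to \alpha_{e+\varepsilon} < d$ for every constant symbol $d \in \mathrm{bconsts}(N)$, in
particular for $d = e'$. And since $\mathcal{A}$ is a model of $\mathrm{Ax}_{\mathcal{I}_{[\langle P,i\rangle],N},\,\mathrm{bconsts}(N)}$, requirement (iii) is
satisfied and furthermore $\alpha_{e+\varepsilon}^{\mathcal{A}} \in p$ follows, since $e^{\mathcal{A}} < \alpha_{e+\varepsilon}^{\mathcal{A}} < e'^{\mathcal{A}}$.

Case $p = (r_\ell, +\infty)$. There must be an instantiation point $\alpha_{e+\varepsilon}$ in $\mathcal{I}_{[\langle P,i\rangle],N}$ such that $e^{\mathcal{A}} = r_\ell$. As
we have already done in Definition 8, we denote by $r_1, \ldots, r_k$ all real values in ascending order
which $\mathcal{A}$ assigns to constant symbols $d \in \mathrm{bconsts}(N)$ that either themselves are instantiation
points in $\mathcal{I}_{[\langle P,i\rangle],N}$ or for which $\alpha_{d+\varepsilon}$ occurs in $\mathcal{I}_{[\langle P,i\rangle],N}$. By construction of $\mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$, we
know $r_\ell = r_k > r_{k-1} > \ldots > r_1$, and thus there is no base-sort constant symbol $e'$ in
$\mathrm{bconsts}(N)$ fulfilling $r_\ell < e'^{\mathcal{A}}$.
Consequently, (iii) is satisfied if we choose $c_{[\langle P,i\rangle],p} := \alpha_{e+\varepsilon}$.
Finally, we may conclude $\alpha_{e+\varepsilon}^{\mathcal{A}} \in p$, because $\mathrm{Ax}_{\mathcal{I}_{[\langle P,i\rangle],N},\,\mathrm{bconsts}(N)}$ contains the axiom
$e < \alpha_{e+\varepsilon}$.

□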


We have arrived at one of the core results of the present paper. The next lemma shows that we
can eliminate base-sort variables $x$ from clauses $C$ in a clause set $N$ by replacing $C$ with finitely
many instances in which $x$ is substituted with the instantiation points that we computed for $x$.
The resulting clause set shall be called $N_x$. In addition, the axioms that stipulate the meaning
of newly introduced constant symbols $\alpha_t$ need to be added to $N_x$. Iterating this step for every
base-sort variable in $N$ eventually leads to a clause set that is essentially ground with respect to
the constraint parts of the clauses it contains (free-sort variables need to be treated separately,
of course, see Section 4).

The line of argument leading from a hierarchic model of the original clause set $N$ to a hierarchic
model of the modified clause set $N_x$ (with instances and additional axioms) is almost trivial. The
converse direction, however, rests on a model construction that yields a hierarchic model $\mathcal{B}$ which
complies with the property discussed in the beginning of the current section. Given a hierarchic
model $\mathcal{A}$ of the instantiated clause set $N_x$, we construct the partitioning $\mathcal{P}_{\mathrm{ap}_N(x),N,\mathcal{A}}$ based on
the argument position class associated to $x$ in the original clause set $N$. By virtue of Lemma 11
we know that each partition $p$ in the partitioning is represented by an instantiation point $c_p$ in
$\mathcal{I}_{\mathrm{ap}_N(x),N}$ and for each of these instantiation points there is one clause in the modified clause set
$N_x$ in which $x$ is instantiated by $c_p$. Since $\mathcal{B}$ is supposed to comply with this property, i.e. it shall not
distinguish between real values that stem from the same partition, the information how the model
$\mathcal{A}$ treats the representative of a partition can be transferred to all values from this partition. An
example might be best suited to illustrate the key ideas.


Example 12. Consider the clause set $N = \{x > 2, z = 4 \,\|\, Q(x, z) \to T(x)\}$. With respect to $N$
there are two instantiation points for variable $x$, namely $\alpha_{-\infty}$ and $\alpha_{2+\varepsilon}$. This will lead to the set
of instances and axioms

\[
\begin{aligned}
N_x = {} & \{\alpha_{-\infty} > 2,\ z = 4,\ x = \alpha_{-\infty} \,\|\, Q(x, z) \to T(x), \\
& \ \ \alpha_{2+\varepsilon} > 2,\ z = 4,\ x = \alpha_{2+\varepsilon} \,\|\, Q(x, z) \to T(x)\} \\
& \cup \mathrm{Ax}_{\{\alpha_{-\infty},\, \alpha_{2+\varepsilon}\},\{2,4\}}
\end{aligned}
\]

where the axioms express the fact that the value of $\alpha_{-\infty}$ is strictly smaller than 2 and the value
of $\alpha_{2+\varepsilon}$ shall lie within the interval $(2, 4)$ in any hierarchic model of $N_x$. This already reveals
redundancy of the first instance in the presence of the axioms, since the atomic constraint $\alpha_{-\infty} > 2$
is false under every hierarchic model of the axiom $\alpha_{-\infty} < 2$ that is contained in $\mathrm{Ax}_{\{\alpha_{-\infty},\, \alpha_{2+\varepsilon}\},\{2,4\}}$.
We assume to have a hierarchic model $\mathcal{A}$ of $N_x$ at hand with $\alpha_{-\infty}^{\mathcal{A}} = 0$ and $\alpha_{2+\varepsilon}^{\mathcal{A}} = 3$. Then the
two intervals $(-\infty, 2]$ and $(2, +\infty)$ constitute the partitioning $\mathcal{P}_{\mathrm{ap}_N(x),N,\mathcal{A}}$, and the partitioning
$\mathcal{P}_{\mathrm{ap}_N(z),N,\mathcal{A}}$ is given by $\{(-\infty, 4), [4, +\infty)\}$. Moreover, assume that the set $Q^{\mathcal{A}}$ contains the pairs
$(0, 0)$, $(3, 4)$ and $(7, 4)$ while the set $T^{\mathcal{A}}$ shall be the union of intervals $(0, 5] \cup [6, 7)$. Clearly, $\mathcal{A}$ is
a hierarchic model of $N_x$. (However, $\mathcal{A}$ is not a hierarchic model of $N$, since the pair $(7, 4)$ is in
$Q^{\mathcal{A}}$ but 7 does not belong to $T^{\mathcal{A}}$.)

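We now construct a hierarchic model $\mathcal{B}$ from $\mathcal{A}$ so that $\mathcal{B}$ complies with the property from the
beginning of this section. First of all, $\mathcal{B}$ takes over all values assigned to constant symbols, i.e.
$\alpha_{-\infty}^{\mathcal{B}} := \alpha_{-\infty}^{\mathcal{A}}$ and $\alpha_{2+\varepsilon}^{\mathcal{B}} := \alpha_{2+\varepsilon}^{\mathcal{A}}$. The definition of $T$ under $\mathcal{B}$ will be piecewise with respect
to the partitioning $\mathcal{P}_{[\langle T,1\rangle],N,\mathcal{A}} = \mathcal{P}_{\mathrm{ap}_N(x),N,\mathcal{A}} = \{(-\infty, 2], (2, +\infty)\}$. To do so, we use the idea of
representatives: the interval $(-\infty, 2]$ is represented by $\alpha_{-\infty}^{\mathcal{A}} = 0$ and the interval $(2, +\infty)$ has
$\alpha_{2+\varepsilon}^{\mathcal{A}} = 3$ as its representative. At the same time, $\alpha_{-\infty}^{\mathcal{A}}$ also represents the interval $(-\infty, 4)$ in
partitioning $\mathcal{P}_{[\langle Q,2\rangle],N,\mathcal{A}}$, and $[4, +\infty)$ from the same partitioning is represented by the constant 4.
Putting the abstract idea of this property into action, the set $T^{\mathcal{B}}$ will be defined so that
$(-\infty, 2] \subseteq T^{\mathcal{B}}$ if and only if $\alpha_{-\infty}^{\mathcal{A}} \in T^{\mathcal{A}}$, and $(2, +\infty) \subseteq T^{\mathcal{B}}$ if and only if $\alpha_{2+\varepsilon}^{\mathcal{A}} \in T^{\mathcal{A}}$. For the
set $Q^{\mathcal{B}}$ matters are technically more involved but follow the same scheme. For instance, all pairs
$(r_1, r_2)$ with $r_1 \in (2, +\infty)$ and $r_2 \in [4, +\infty)$ shall be in $Q^{\mathcal{B}}$ if and only if the pair $(\alpha_{2+\varepsilon}^{\mathcal{A}}, 4)$ is in
$Q^{\mathcal{A}}$. Consequently, we end up with $T^{\mathcal{B}} = (2, +\infty)$ and
$Q^{\mathcal{B}} = \{(r_1, r_2) \mid r_1 \in (-\infty, 2] \text{ and } r_2 \in (-\infty, 4)\} \cup \{(r_1, r_2) \mid r_1 \in (2, +\infty) \text{ and } r_2 \in [4, +\infty)\}$.

The net result is a hierarchic interpretation $\mathcal{B}$ that is a model of $N_x$ just as $\mathcal{A}$ is. But beyond
that $\mathcal{B}$ is also a hierarchic model of the original clause set $N$. This is by no means a coincidence
as the proof of Lemma 13 shows.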
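
The partitioning of Definition 8 and the transfer of $T^{\mathcal{A}}$ to $T^{\mathcal{B}}$ in Example 12 can be traced mechanically. The following Python code is an added example, not part of the paper: it assumes that base-sort constants are given by their real values under $\mathcal{A}$, and the function names and the tuple encoding of intervals are hypothetical.

```python
import math

INF = math.inf


def instantiation_points(constraints):
    """Collect instantiation points for one argument position class.

    `constraints` holds pairs (op, d) for atomic constraints `x op d`, where d
    is the real value of a base-sort constant. '=' and '>=' contribute the
    point d itself, '>' contributes alpha_{d+eps}; upper bounds and '!='
    contribute nothing. alpha_{-inf} is always present and stays implicit.
    """
    points, eps_points = set(), set()
    for op, d in constraints:
        if op in ("=", ">="):
            points.add(d)
        elif op == ">":
            eps_points.add(d)
        elif op not in ("<", "<=", "!="):
            raise ValueError(f"unknown operator {op!r}")
    return points, eps_points


def partitioning(points, eps_points):
    """Induced partitioning of the reals, following Definition 8.

    An interval is encoded as (lo, lo_closed, hi, hi_closed).
    """
    rs = sorted(points | eps_points)
    if not rs:  # only alpha_{-inf} is present: a single partition (-inf, +inf)
        return [(-INF, False, INF, False)]
    parts = [(-INF, False, rs[0], rs[0] not in points)]            # (i)
    for idx, r in enumerate(rs):
        if r in points and r in eps_points:                        # (ii)
            parts.append((r, True, r, True))
        if idx + 1 < len(rs):                                      # (iii.i)-(iii.iv)
            nxt = rs[idx + 1]
            parts.append((r, r not in eps_points, nxt, nxt not in points))
    parts.append((rs[-1], rs[-1] not in eps_points, INF, False))   # (iv)
    return parts


def representative(p):
    """Instantiation point that represents partition p (cases of Lemma 11)."""
    lo, lo_closed, _, _ = p
    if lo == -INF:
        return ("alpha_-inf", None)
    return ("const", lo) if lo_closed else ("alpha_eps", lo)


def lift(parts, alpha_value, holds_in_A):
    """Partitions contained in T^B: p is kept iff A puts p's representative in T^A."""
    kept = []
    for p in parts:
        kind, d = representative(p)
        value = d if kind == "const" else alpha_value[(kind, d)]
        if holds_in_A(value):
            kept.append(p)
    return kept


def fmt(p):
    """Render an interval tuple in the usual bracket notation."""
    lo, lo_closed, hi, hi_closed = p
    return f"{'[' if lo_closed else '('}{lo}, {hi}{']' if hi_closed else ')'}"


# Constructed inputs: the constraints on x from Example 7 and the
# interpretation of T and of the alpha constants from Example 12.
EXAMPLE_7 = [(">", 2), ("<=", 5), ("<", 0)]
ALPHA_VALUES = {("alpha_-inf", None): 0, ("alpha_eps", 2): 3}


def t_in_A(r):
    """T^A = (0, 5] united with [6, 7), as assumed in Example 12."""
    return 0 < r <= 5 or 6 <= r < 7


if __name__ == "__main__":
    parts = partitioning(*instantiation_points(EXAMPLE_7))
    print("partitioning:", [fmt(p) for p in parts])
    print("T^B:", [fmt(p) for p in lift(parts, ALPHA_VALUES, t_in_A)])
```

The upper bounds in `EXAMPLE_7` leave the result unchanged, which is the coarse partitioning the text prefers.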


Lemma 13. Let $N$ be a clause set in normal form, and assume that $N$ contains all the axioms in
$\mathrm{Ax}_{\alpha\mathrm{consts}(N),\,\mathrm{bconsts}(N)}$ and for every $\alpha_{e+\varepsilon} \in \alpha\mathrm{consts}(N)$ we have $e \in \mathrm{bconsts}(N)$. Suppose there
is a clause $C$ in $N$ which contains a base-sort variable $x$. Let the clause set $N_x$ be constructed as
follows: $N_x := (N \setminus \{C\}) \cup \{C[x/c] \mid c \in \mathcal{I}_{\mathrm{ap}_N(x),N}\} \cup \mathrm{Ax}_{\mathcal{I}_{\mathrm{ap}_N(x),N},\,\mathrm{bconsts}(N)}$. The original
clause set $N$ is satisfiable if and only if $N_x$ is satisfiable.


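Proof. The “only if”-part is almost trivial to show: Let $\mathcal{A}$ be a hierarchic model of $N$. Every axiom
in $\mathrm{Ax}_{\mathcal{I}_{\mathrm{ap}_N(x),N},\,\mathrm{bconsts}(N)}$ which does not appear in $N$ concerns constant symbols $\alpha_t$ that do not
occur in $N$. By virtue of Proposition 10 we can derive a hierarchic model $\mathcal{B}$ from $\mathcal{A}$ that differs from
$\mathcal{A}$ only in how these $\alpha_t$ are interpreted and that is a hierarchic model of $\mathrm{Ax}_{\mathcal{I}_{\mathrm{ap}_N(x),N},\,\mathrm{bconsts}(N)} \setminus N$.
Thus, $\mathcal{B} \models N$ follows from $\mathcal{A} \models N$. Since the variable $x$ is universally quantified in $C$, $\mathcal{B} \models C$
entails $\mathcal{B} \models C[x/c]$ for every instance $C[x/c]$. Altogether, we obtain $\mathcal{B} \models N_x$.

The “if”-part requires a more sophisticated argument: Let $\mathcal{A}$ be a hierarchic model of $N_x$. We
use $\mathcal{A}$ to construct the hierarchic model $\mathcal{B}$ that extends a model in $\mathfrak{M}$ as follows. For the domain
$\mathcal{S}^{\mathcal{B}}$ we reuse $\mathcal{A}$’s free domain $\mathcal{S}^{\mathcal{A}}$. For all base-sort and free-sort constant symbols $c \in \mathrm{consts}(N)$,
we set $c^{\mathcal{B}} := c^{\mathcal{A}}$. For every predicate symbol $P : \xi_1 \times \ldots \times \xi_m \in \Pi$ that occurs in $N$ and for
every argument position $i$, $1 \leq i \leq m$, Lemma 11 guarantees the existence of a base-sort constant
symbol $c_{[\langle P,i\rangle],p} \in \mathcal{I}_{\mathrm{ap}_N(x),N}$ for every partition $p \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$, such that $c^{\mathcal{A}}_{[\langle P,i\rangle],p} \in p$ and the
requirements (i) to (iii) of the lemma are met. Based on this, we define the family of functions
$\varphi_{[\langle P,i\rangle]} : \mathbb{R} \cup \mathcal{S}^{\mathcal{B}} \to \mathbb{R} \cup \mathcal{S}^{\mathcal{A}}$ by

\[
\varphi_{[\langle P,i\rangle]}(a) :=
\begin{cases}
c^{\mathcal{A}}_{[\langle P,i\rangle],p} & \text{if } \xi_i = \mathcal{R} \text{ and } p \in \mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}} \text{ is the partition } a \text{ lies in,} \\
a & \text{if } \xi_i = \mathcal{S}.
\end{cases}
\]

Using the functions $\varphi_{[\langle P,i\rangle]}$, we define the set $P^{\mathcal{B}}$ so that for all domain elements $a_1, \ldots, a_m$ of
appropriate sorts $(a_1, \ldots, a_m) \in P^{\mathcal{B}}$ if and only if $(\varphi_{[\langle P,1\rangle]}(a_1), \ldots, \varphi_{[\langle P,m\rangle]}(a_m)) \in P^{\mathcal{A}}$.

We next show $\mathcal{B} \models N$. Consider any clause $C' = \Lambda' \,\|\, \Gamma' \to \Delta'$ in $N$ and let
$\beta : V_{\mathcal{R}} \cup V_{\mathcal{S}} \to \mathbb{R} \cup \mathcal{S}^{\mathcal{B}}$ be an arbitrary variable assignment. From $\beta$ we derive a special
variable assignment $\beta_\varphi$ for which we will infer $\mathcal{A}, \beta_\varphi \models C'$ as an intermediate step:

\[
\beta_\varphi(v) :=
\begin{cases}
c^{\mathcal{A}}_{\mathrm{ap}_N(v),p} & \text{if } v \in V_{\mathcal{R}} \text{ and } \beta(v) \in p \in \mathcal{P}_{\mathrm{ap}_N(v),N,\mathcal{A}}, \\
\beta(v) & \text{if } v \in V_{\mathcal{S}},
\end{cases}
\]

for every variable $v$. If $C' \neq C$, then $N_x$ already contains $C'$, and thus $\mathcal{A}, \beta_\varphi \models C'$ must hold. In
case of $C' = C$, let $p_*$ be the partition in $\mathcal{P}_{\mathrm{ap}_N(x),N,\mathcal{A}}$ containing the value $\beta(x)$, and let $c_*$ be an
abbreviation for $c_{\mathrm{ap}_N(x),p_*}$. Due to $\beta_\varphi(x) = c_*^{\mathcal{A}}$ and since $\mathcal{A}$ is a model of the clause $C[x/c_*]$ in
$N_x$, we conclude $\mathcal{A}, \beta_\varphi \models C$. Hence, in any case we can deduce $\mathcal{A}, \beta_\varphi \models C'$. By case distinction
on why $\mathcal{A}, \beta_\varphi \models C'$ holds, we may transfer this result to obtain $\mathcal{B}, \beta \models C'$, too.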

Case A,f3 v \f= c <1 d for some atomic constraint c < d in A' with base-sort constant symbols 
c,d G Ula U and < G Since B and A interpret constant symbols in 

the same way and independently of a variable assignment, we immediately get £>, f3 c < d. 

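Case $\mathcal{A}, \beta_\varphi \not\models (y \triangleleft d) \in \Lambda'$ for an arbitrary base-sort variable $y$ and a constant symbol $d \in \Omega_{LA}$.
This translates to $\beta_\varphi(y) \not\triangleleft d^{\mathcal{A}}$. Let $p \in \mathcal{P}_{\mathrm{ap}_N(y),N,\mathcal{A}}$ be the partition which contains $\beta(y)$ and
therefore also $\beta_\varphi(y)$.

If $d^{\mathcal{A}}$ lies outside of $p$, then $\beta_\varphi(y) \triangleleft d^{\mathcal{A}}$ if and only if $\beta(y) \triangleleft d^{\mathcal{A}}$, since $\beta_\varphi(y) \in p$. Thus,
$d^{\mathcal{B}} = d^{\mathcal{A}}$ entails $\mathcal{B}, \beta \not\models y \triangleleft d$.

If $p$ is the point interval $p = \{d^{\mathcal{A}}\}$, then $\beta(y) = \beta_\varphi(y)$, and thus $\mathcal{B}, \beta \not\models y \triangleleft d$.

If $p = (\cdot\, r_\ell, r_u \cdot)$ and $r_\ell < d^{\mathcal{A}} \leq r_u$, then $\triangleleft \notin \{<, \leq, \neq\}$, since $\beta_\varphi(y) = c^{\mathcal{A}}_{\mathrm{ap}_N(y),p} < d^{\mathcal{A}}$ (by
(ii) and (iii) of Lemma 11). Moreover, we conclude $d \notin \mathcal{I}_{\mathrm{ap}_N(y),N}$, since otherwise $p$
would be of the form $p = [d^{\mathcal{A}}, r_u \cdot)$ by the construction of $\mathcal{P}_{\mathrm{ap}_N(y),N,\mathcal{A}}$ (requirements (ii),
(iii.iii) and (iii.iv)). Therefore, $\triangleleft \notin \{=, \geq\}$, since otherwise the instantiation point $d$
would be in $\mathcal{I}_{\mathrm{ap}_N(y),N}$. This only leaves $\triangleleft = {>}$. Hence, the constraint $y > d$ occurs in $N$
and thus we find the instantiation point $\alpha_{d+\varepsilon}$ in $\mathcal{I}_{\mathrm{ap}_N(y),N}$. Consequently, requirements
(iii.ii) and (iii.iv) of the construction of $\mathcal{P}_{\mathrm{ap}_N(y),N,\mathcal{A}}$ entail $p = (\cdot\, r_\ell, d^{\mathcal{A}}]$, which leads to
$\beta(y) \leq d^{\mathcal{A}}$ because of $\beta(y) \in p$. Therefore, $\mathcal{B}, \beta \not\models y > d$ must be true.

The cases $p = (\cdot\, r_\ell, +\infty)$, $p = (-\infty, r_u \cdot)$ and $(-\infty, +\infty)$ with $r_\ell < d^{\mathcal{A}} \leq r_u$ can be
handled by similar arguments.

If $p = [d^{\mathcal{A}}, r_u \cdot)$ and $d^{\mathcal{A}} < r_u$, then $\beta_\varphi(y) = c^{\mathcal{A}}_{\mathrm{ap}_N(y),p} = d^{\mathcal{A}}$ by (ii) of Lemma 11.
Consequently, $\triangleleft \notin \{\leq, =, \geq\}$. We conclude $\alpha_{d+\varepsilon} \notin \mathcal{I}_{\mathrm{ap}_N(y),N}$, because otherwise $[d^{\mathcal{A}}, r_u \cdot)$
would be a point interval, contradicting $d^{\mathcal{A}} < r_u$. Hence, the only remaining possibility
is $\triangleleft = {<}$. But by $\beta(y) \in p$ we deduce $\beta(y) \geq d^{\mathcal{A}}$. Therefore, we clearly get $\mathcal{B}, \beta \not\models y < d$.
The case $p = [d^{\mathcal{A}}, +\infty)$ is covered by analogous arguments.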


Case A, \/= {y = cq) £ A' for an arbitrary variable y and a constant symbol cq £ ^la- Let p £ 
'P&p N (y), N ,A be the partition which contains /3(y). We immediately conclude a A ^ c ^p N ( y ) P 

since c a P N (y), P = Mv) ± M- 

If a A does not lie in p, then f3(y) ^ a A , and thus £>, j3 y = cq. 

Assume af lies in p. By c A pN ^ y)p £ p and the facts ^ c t PN (y), P and ^ p, p 
cannot be a point interval. Moreover, p cannot be of the form (— 00 , tv), since then 
c ap N (y),p = a -oo and r u < for all a c + s £ aconsts(N) would follow by construction 
of P&p N ( y ),N,A (since A |= Ax acons t s (jy),bconsts(Aq )5 contiadicting either cq ^ c apN ( y ), P 
or a A £ p. Consequently, there exists a constant symbol d £ bconsts(./V) so that 
cq = otd+c- Hence, the atomic constraint y — ad+ e contributes the instantiation point 
C^d+e fO V- 

The constant symbol c apjv ( y ) iP cannot stem from Hla, since then p would be of the form 

[ c Wi/),p’ +0 °) or N (y),P’M for some real value Tu and we would have c a P „(y), P = 
d A , i.e. c a Pn{v) p and c a Pn{v) p + e would be ^-covered by I aPiv (y),Ar - a contradiction, 
as we have already argued then p cannot be a point interval. Hence, there exists a 
constant symbol e £ bconsts(A r ) so that e ^ d and c apjv ( y ) jP = a e + e and thus p is 
either of the form (e A , + 00 ) or ( e A ,r u •) for some real value r u . In case of d A ^ e A , 
the instantiation point ctd+ e results in a partition p' £ V^p r y ) t N,A suc h that a A +e £ p■' 
and p' p. But this contradicts our assumption a A = a A +e £ p. Consequently, 
d A = e A . As N x contains Ax{ a<J+E },{ e } as a subset, A must be a hierarchic model of 
the axiom d = e —> <Xd+ e = cq+ e . This yields a contradiction, since above we concluded 

a d+e = a A ^ c A pNiy) p = a A +e . 

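Case $\mathcal{A}, \beta_\varphi \not\models s \approx s'$ for some free atom $s \approx s' \in \Gamma'$. Hence, $s$ and $s'$ are either variables or
constant symbols of the free sort, which means they do not contain subterms of the base
sort. Since $\mathcal{B}$ and $\mathcal{A}$ behave identically on free-sort constant symbols and $\beta(u) = \beta_\varphi(u)$ for
any variable $u \in V_{\mathcal{S}}$, it must hold $\mathcal{B}, \beta \not\models s \approx s'$.

Case $\mathcal{A}, \beta_\varphi \models s \approx s'$ for some $s \approx s' \in \Delta'$. Analogous to the above case, $\mathcal{B}, \beta \models s \approx s'$ holds.

Case $\mathcal{A}, \beta_\varphi \not\models P(s_1, \ldots, s_m)$ for some free atom $P(s_1, \ldots, s_m) \in \Gamma'$. This translates to
$(\mathcal{A}(\beta_\varphi)(s_1), \ldots, \mathcal{A}(\beta_\varphi)(s_m)) \notin P^{\mathcal{A}}$.

Every $s_i$ of the free sort is either a constant symbol or a variable. Thus, we have
$\mathcal{A}(\beta_\varphi)(s_i) = \mathcal{B}(\beta)(s_i) = \varphi_{[\langle P,i\rangle]}(\mathcal{B}(\beta)(s_i))$, since free-sort constant symbols are interpreted in the
same way by $\mathcal{A}$ and $\mathcal{B}$, and because $\beta_\varphi(u) = \beta(u)$ for every free-sort variable $u$.

Every $s_i$ that is of the base sort must be a variable. Hence,
$\mathcal{A}(\beta_\varphi)(s_i) = c^{\mathcal{A}}_{[\langle P,i\rangle],p} = \varphi_{[\langle P,i\rangle]}(\mathcal{B}(\beta)(s_i))$,
where $p$ is the partition in $\mathcal{P}_{[\langle P,i\rangle],N,\mathcal{A}}$ which contains $\beta(s_i)$ (and thus
also $\beta_\varphi(s_i)$) and where we have $\mathrm{ap}_N(s_i) = [\langle P, i\rangle]$.

Put together, this yields $(\varphi_{[\langle P,1\rangle]}(\mathcal{B}(\beta)(s_1)), \ldots, \varphi_{[\langle P,m\rangle]}(\mathcal{B}(\beta)(s_m))) \notin P^{\mathcal{A}}$. But then, by
construction of $\mathcal{B}$, we have $(\mathcal{B}(\beta)(s_1), \ldots, \mathcal{B}(\beta)(s_m)) \notin P^{\mathcal{B}}$, which entails
$\mathcal{B}, \beta \not\models P(s_1, \ldots, s_m)$.

Case $\mathcal{A}, \beta_\varphi \models P(s_1, \ldots, s_m)$ for some free atom $P(s_1, \ldots, s_m) \in \Delta'$. Analogous to the above case
we conclude $\mathcal{B}, \beta \models P(s_1, \ldots, s_m)$.

Altogether, we have shown $\mathcal{B} \models N$. □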

We have already pointed out that we intend to iteratively instantiate base-sort variables in an
initial clause set $N$ by means of the construction described in Lemma 13. However, for efficiency
reasons it is not desirable to recompute all necessary information such as argument position classes,
sets of instantiation points and the like from scratch at each stage. The next lemma shows that
the ingredients for the elimination of base-sort variables are invariant under instantiation. The
main reason is that when $x$ is instantiated, constraints $x = c$ are introduced to the clause and free
atoms $P(\ldots, x, \ldots)$ remain untouched (however, $x$ might be renamed afterwards). Consequently,
it is indeed sufficient to compute, for instance, the relation $\rightleftharpoons_N$ and the set of instantiation points
$\mathcal{I}_{[\langle P,i\rangle],N}$ once and for all at the beginning for every argument position pair $\langle P, i\rangle$ that is of interest
and only use it at the appropriate stages of the overall instantiation process. How this can be
done will be described in detail in Section 5.


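Lemma 14. Let $N$ be a clause set in normal form that contains a clause $C$ in which a base-sort
variable $x$ occurs. Further assume $\mathrm{Ax}_{\alpha\mathrm{consts}(N),\,\mathrm{bconsts}(N)} \subseteq N$ and for every $\alpha_{e+\varepsilon} \in \alpha\mathrm{consts}(N)$ we
have $e \in \mathrm{bconsts}(N)$. Suppose $N_x$ is constructed from $N$ as described in Lemma 13 and variables
have been renamed so that all clauses in $N_x$ are variable disjoint. We observe the following facts:

(i) $\rightleftharpoons_N \;=\; \rightleftharpoons_{N_x}$.

(ii) $\mathrm{bconsts}(N) = \mathrm{bconsts}(N_x)$ and $\mathrm{fconsts}(N) = \mathrm{fconsts}(N_x)$.

(iii) For every argument position class $[\langle P, i\rangle]$ induced by $\rightleftharpoons_N$ we have $\mathcal{I}_{[\langle P,i\rangle],N} = \mathcal{I}_{[\langle P,i\rangle],N_x}$.

(iv) $N_x$ is in normal form, $\mathrm{Ax}_{\alpha\mathrm{consts}(N_x),\,\mathrm{bconsts}(N_x)} \subseteq N_x$, and for every $\alpha_{e+\varepsilon} \in \alpha\mathrm{consts}(N_x)$ we
have $e \in \mathrm{bconsts}(N_x)$.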


Proof. We prove the different parts separately.

(i) The relations $\rightleftharpoons_N$ and $\rightleftharpoons_{N_x}$ exclusively depend on the free parts of the clauses in $N$ and $N_x$,
respectively, irrespective of variable names. Since $\mathcal{I}_{\mathrm{ap}_N(x),N}$ is nonempty, all free parts of clauses
in $N$ do occur in $N_x$ (modulo variable renaming), and vice versa.

(ii) $\mathrm{bconsts}(N) \subseteq \mathrm{bconsts}(N_x)$ and $\mathrm{fconsts}(N) \subseteq \mathrm{fconsts}(N_x)$ hold due to $\mathcal{I}_{\mathrm{ap}_N(x),N}$ being
nonempty. $\mathrm{bconsts}(N_x) \subseteq \mathrm{bconsts}(N)$ is a consequence of $\mathcal{I}_{\mathrm{ap}_N(x),N} \cap \Omega_{LA} \subseteq \mathrm{bconsts}(N)$.
$\mathrm{fconsts}(N_x) \subseteq \mathrm{fconsts}(N)$ is true, because free parts of clauses are merely copied and variables
renamed.


(iii) We start with two observations:

(1) For every clause $D \neq C$ in $N$, we find a clause $D'$ in $N_x$ such that $D$ and $D'$ are the same
modulo variable renaming. Conversely, every $D'$ in $N_x$ is either identical to a clause $D$ in
$N$ modulo renaming of variables or it is equal to $C[x/c]$ up to variable renaming for some
constant symbol $c$.

(2) Regarding $C$ we find the instance $C[x/\alpha_{-\infty}]$ in $N_x$, possibly with renamed variables.
Consequently, for every base-sort variable $y \neq x$ for which $C$ contains an atomic constraint
$y \triangleleft s$ and a free atom $Q(\ldots, y, \ldots)$ with $y$ in the $j$-th argument position, $C[x/\alpha_{-\infty}]$ contains
the constraint $y \triangleleft s$ and the free atom $Q(\ldots, y, \ldots)$ with $y$ in the $j$-th argument position
again, modulo variable renaming. The converse also holds.

That said, we distinguish two cases for every argument position pair $\langle P, i\rangle$.

If $\langle P, i\rangle$ does not belong to the equivalence class $\mathrm{ap}_N(x)$, i.e. $\mathrm{ap}_N(x) \neq [\langle P, i\rangle]$, then we get
$\mathcal{I}_{[\langle P,i\rangle],N} = \mathcal{I}_{[\langle P,i\rangle],N_x}$, since (1) and (2) together entail $\mathcal{I}_{Q,j,N} = \mathcal{I}_{Q,j,N_x}$ for all
$\langle Q, j\rangle \in [\langle P, i\rangle]$.

If $[\langle P, i\rangle] = \mathrm{ap}_N(x)$, then there is an argument position pair $\langle Q, j\rangle \in [\langle P, i\rangle]$ so that $C$ contains
a free atom $Q(\ldots, x, \ldots)$ in which $x$ is the $j$-th argument. Moreover, $N_x$ is a superset of
$\{C[x/c] \mid c \in \mathcal{I}_{\mathrm{ap}_N(x),N}\}$ modulo renaming of variables. This entails
$\mathcal{I}_{\mathrm{ap}_N(x),N} \setminus \{\alpha_{-\infty}\} \subseteq \mathcal{I}_{Q,j,N_x}$, and therefore, $\mathcal{I}_{\mathrm{ap}_N(x),N} \subseteq \mathcal{I}_{[\langle P,i\rangle],N_x}$.

On the other hand, assume there is an instantiation point in $\mathcal{I}_{[\langle P,i\rangle],N_x}$ that is not in
$\mathcal{I}_{\mathrm{ap}_N(x),N}$, i.e. there is a clause $D$ in $N_x$ of which a variable-renamed variant has not
already been in $N$, and in which an atomic constraint $y \triangleleft s$ and a free atom $Q(\ldots, y, \ldots)$
occur with $y$ in the $j$-th argument position. By (1) $D$ must be a variable-renamed variant
of $C[x/c]$ for some constant symbol $c$. But according to (2) we must have $(y \triangleleft s) = (x = c)$
modulo variable renaming. But this constraint can only lead to an instantiation point that
is contained in $\mathcal{I}_{\mathrm{ap}_N(x),N}$ - a contradiction. Hence, we also have $\mathcal{I}_{[\langle P,i\rangle],N_x} \subseteq \mathcal{I}_{\mathrm{ap}_N(x),N}$.

Put together, we just derived $\mathcal{I}_{[\langle P,i\rangle],N} = \mathcal{I}_{[\langle P,i\rangle],N_x}$ for this case.


(iv) The construction of $N_x$ from $N$ preserves the normal form property for each clause
individually, since we start from a clause in normal form, copy the free part of the clause and no new
variables are introduced to the constraint part which do not also occur in the free part. Afterwards,
consistent renaming of variables ensures pairwise variable disjointness of the clauses in $N_x$.

Ax aconsts(iv x ),bconsts(iv x ) ^ N x is a consequence of Ax aconsts(Ar)ibconsts(JV) C N \ {C} (true 
by assumption and the fact that C’s free part is not empty but the free parts of axioms are) 
and Ax IapjvWtJV)bconsts(JV) C N x (true by construction). Moreover, = 

-^--^-aconsts(A^),bconsts(AT) U Ax^ 

aconsts(AI) UX aPN ( x)> jv. 

Suppose there is a constant symbol $\alpha_{e+\varepsilon}$ in $N_x$ so that $e$ does not occur as constant symbol
in $N_x$. Hence, $\alpha_{e+\varepsilon}$ must have been an instantiation point in $\mathcal{I}_{\mathrm{ap}_N(x),N}$. Due to (ii) $e$ cannot
occur in $N$ either. Consequently, $\alpha_{e+\varepsilon}$ has been introduced to $\mathcal{I}_{\mathrm{ap}_N(x),N}$ by the occurrence of
an atomic constraint $y = \alpha_{e+\varepsilon}$ in some clause in $N$. But we assumed $e' \in \mathrm{bconsts}(N)$ for every
$\alpha_{e'+\varepsilon} \in \alpha\mathrm{consts}(N)$ - a contradiction. □


taconsts(AO,bconsts(AO u AX x apjv(x)iN ,bco ns ts(iV) is ensured by [(n)] and the fact that aconsts(TV a; ) C 


4 Instantiation of Free-Sort Variables 

Checking satisfiability of a finite clause set N over the classical Bernays-Schonfinkel fragment 
can be done naively by trying all Herbrand interpretations (we assume N contains at least one 
constant symbol). One key argument is that the domain of these interpretations is the set of 
all constant symbols occurring in N and is thus finite. If we add equality to the fragment, 
the canonical interpretations are Herbrand interpretations modulo congruences on the occurring 
constant symbols. Although this means we have to consider more than one domain, there are
still only finitely many of them. Moreover, their size is upper bounded by the number of constant
symbols in $N$. This idea of canonical domains can easily be transferred to hierarchic models over
the BSR fragment with simple bounds. More precisely, we can prove that any clause set $N$ over
the BSR fragment with simple bounds is satisfiable w.r.t. $\mathfrak{M}$ if and only if there exists a hierarchic
model $\mathcal{A}$ so that its free domain is the set of free-sort constant symbols in $N$ modulo a congruence
relation $\sim$, i.e. $\mathcal{S}^{\mathcal{A}} = \mathrm{fconsts}(N)/_{\sim}$, and so that every free-sort constant symbol $c$ is interpreted
by the corresponding congruence class $[c]_{\sim}$.


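Lemma 15. Let $N$ be a clause set in normal form and let $\mathcal{A}$ be a hierarchic model of $N$. We
assume $\mathrm{fconsts}(N)$ to contain at least one constant symbol (otherwise we may add the tautology
$\| \to c \approx c$ to $N$).

By $\widehat{\mathcal{S}}^{\mathcal{A}}$ we denote the restricted domain $\{a \in \mathcal{S}^{\mathcal{A}} \mid \text{there is a } d \in \mathrm{fconsts}(N) \text{ such that } a = d^{\mathcal{A}}\}$.
Let $\sim_{\mathcal{A}}$ be the binary relation on $\mathrm{fconsts}(N)$ satisfying $c \sim_{\mathcal{A}} d$ if and only if $c^{\mathcal{A}} = d^{\mathcal{A}}$.

We can construct a hierarchic model $\mathcal{B}$ of $N$ which meets the following requirements:

(i) the domain $\mathcal{S}^{\mathcal{B}}$ is the set $\mathrm{fconsts}(N)/_{\sim_{\mathcal{A}}}$ of equivalence classes w.r.t. $\sim_{\mathcal{A}}$;

(ii) $d^{\mathcal{B}} = [d]_{\sim_{\mathcal{A}}}$ for every free-sort constant symbol $d \in \mathrm{fconsts}(N)$;

(iii) $c^{\mathcal{B}} = c^{\mathcal{A}}$ for every base-sort constant symbol $c \in \mathrm{bconsts}(N) \cup \alpha\mathrm{consts}(N)$; and

(iv) for every atom $A$ in $N$ and every variable assignment $\beta : V_{\mathcal{S}} \cup V_{\mathcal{R}} \to \widehat{\mathcal{S}}^{\mathcal{A}} \cup \mathbb{R}$ for which
$\beta(u) \in \widehat{\mathcal{S}}^{\mathcal{A}}$ for all $u \in V_{\mathcal{S}}$, we have $\mathcal{A}, \beta \models A$ if and only if $\mathcal{B}, \beta_{\sim_{\mathcal{A}}} \models A$, where for any
variable $v \in V_{\mathcal{R}} \cup V_{\mathcal{S}}$ we set

\[
\beta_{\sim_{\mathcal{A}}}(v) :=
\begin{cases}
[d]_{\sim_{\mathcal{A}}} & \text{if } v \in V_{\mathcal{S}} \text{ and } \beta(v) = d^{\mathcal{A}} \text{ for some } d \in \mathrm{fconsts}(N), \\
\beta(v) & \text{if } v \in V_{\mathcal{R}}.
\end{cases}
\]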

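Proof. We construct the hierarchic interpretation $\mathcal{B}$ as follows:

• $\mathcal{S}^{\mathcal{B}} := \mathrm{fconsts}(N)/_{\sim_{\mathcal{A}}}$.

• For every constant symbol $d \in \mathrm{fconsts}(N)$, we set $d^{\mathcal{B}} := [d]_{\sim_{\mathcal{A}}}$.

• For every constant symbol $c \in \mathrm{bconsts}(N) \cup \alpha\mathrm{consts}(N)$, we set $c^{\mathcal{B}} := c^{\mathcal{A}}$.

• To help the formulation of the interpretation of predicate symbols under $\mathcal{B}$ we first define
the function $\psi : \mathcal{S}^{\mathcal{B}} \cup \mathbb{R} \to \widehat{\mathcal{S}}^{\mathcal{A}} \cup \mathbb{R}$ by

\[
\psi(a) :=
\begin{cases}
d^{\mathcal{A}} & \text{if } a = [d]_{\sim_{\mathcal{A}}} \in \mathcal{S}^{\mathcal{B}} \text{ for some free-sort constant symbol } d, \\
a & \text{if } a \in \mathbb{R}.
\end{cases}
\]

(Please note that this is well-defined, since $d \sim_{\mathcal{A}} d'$ entails $d^{\mathcal{A}} = d'^{\mathcal{A}}$.)

For every predicate symbol $P/m$ that occurs in $N$ and for all arguments $a_1, \ldots, a_m$ of
appropriate sorts, we define the interpretation of $P$ under $\mathcal{B}$ such that $(a_1, \ldots, a_m) \in P^{\mathcal{B}}$ if
and only if $(\psi(a_1), \ldots, \psi(a_m)) \in P^{\mathcal{A}}$.

Obviously, requirements (i), (ii) and (iii) are satisfied. Due to the fact that we find a $\beta$ whose image
is a subset of $\widehat{\mathcal{S}}^{\mathcal{A}} \cup \mathbb{R}$ (as described in (iv)) for every variable assignment
$\gamma : V_{\mathcal{R}} \cup V_{\mathcal{S}} \to \mathcal{S}^{\mathcal{B}} \cup \mathbb{R}$ so that $\beta_{\sim_{\mathcal{A}}} = \gamma$, a proof of (iv) entails $\mathcal{B} \models N$. Hence, it remains to
show (iv).

Suppose $A$ is an atomic constraint $s \triangleleft t$. The definitions of $\mathcal{B}$ and $\beta_{\sim_{\mathcal{A}}}$ immediately imply the
equivalence of $\mathcal{A}, \beta \models A$ and $\mathcal{B}, \beta_{\sim_{\mathcal{A}}} \models A$.

Suppose $A$ is of the form $s \approx t$, $s$ and $t$ being variables or constant symbols of the free sort,
respectively. Because of $\mathcal{A}(\beta)(s), \mathcal{A}(\beta)(t) \in \widehat{\mathcal{S}}^{\mathcal{A}}$, there exist constant symbols $d_s, d_t \in \mathrm{fconsts}(N)$
such that $d_s^{\mathcal{A}} = \mathcal{A}(\beta)(s)$ and $d_t^{\mathcal{A}} = \mathcal{A}(\beta)(t)$. Consequently, $\mathcal{A}(\beta)(s) = \mathcal{A}(\beta)(t)$ holds if and
only if $d_s \sim_{\mathcal{A}} d_t$, i.e. if and only if $[d_s]_{\sim_{\mathcal{A}}} = [d_t]_{\sim_{\mathcal{A}}}$. Put differently, $\mathcal{A}, \beta \models s \approx t$ is equivalent
to $\mathcal{B}, \beta_{\sim_{\mathcal{A}}} \models s \approx t$.

Suppose $A$ is of the form $P(t_1, \ldots, t_m)$ for some predicate symbol $P/m$ occurring in $N$. As we
have already argued in the previous case, we can find for every $t_i$ of the free sort a constant
symbol $d_i$ fulfilling $d_i^{\mathcal{A}} = \mathcal{A}(\beta)(t_i)$.

If $t_i = c \in \mathrm{fconsts}(N)$, then $\psi(\mathcal{B}(\beta_{\sim_{\mathcal{A}}})(c)) = \psi([c]_{\sim_{\mathcal{A}}}) = c^{\mathcal{A}} = \mathcal{A}(\beta)(c)$.

If $t_i = u \in V_{\mathcal{S}}$, then $\psi(\mathcal{B}(\beta_{\sim_{\mathcal{A}}})(u)) = \psi(\beta_{\sim_{\mathcal{A}}}(u)) = \psi([d_i]_{\sim_{\mathcal{A}}}) = d_i^{\mathcal{A}} = \beta(u) = \mathcal{A}(\beta)(u)$.

On the other hand, for all $t_i$ of the base sort, we get $\psi(\mathcal{B}(\beta_{\sim_{\mathcal{A}}})(t_i)) = \mathcal{B}(\beta_{\sim_{\mathcal{A}}})(t_i) = \mathcal{A}(\beta)(t_i)$.

Altogether, this leads to
$(\psi(\mathcal{B}(\beta_{\sim_{\mathcal{A}}})(t_1)), \ldots, \psi(\mathcal{B}(\beta_{\sim_{\mathcal{A}}})(t_m))) = (\mathcal{A}(\beta)(t_1), \ldots, \mathcal{A}(\beta)(t_m))$
and, consequently, also to $(\mathcal{B}(\beta_{\sim_{\mathcal{A}}})(t_1), \ldots, \mathcal{B}(\beta_{\sim_{\mathcal{A}}})(t_m)) \in P^{\mathcal{B}}$ if and only if
$(\mathcal{A}(\beta)(t_1), \ldots, \mathcal{A}(\beta)(t_m)) \in P^{\mathcal{A}}$.

□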

Having such canonical models, it is easy to argue that we can eliminate free-sort variables by 
exhaustive instantiation with all occurring free-sort constant symbols. 

Corollary 16. Let $N$ be a clause set in normal form that contains at least one constant symbol
of the free sort. Suppose there is a clause $C$ in $N$ which contains a free-sort variable $u$. Let the
clause set $N_u$ be constructed as follows: $N_u := (N \setminus \{C\}) \cup \{C[u/c] \mid c \in \mathrm{fconsts}(N)\}$. The
original clause set $N$ is satisfiable if and only if $N_u$ is satisfiable.

Proof. While the “only if”-part holds because of $N_u$ containing only instances of clauses in $N$,
the “if”-part is slightly more complicated. Let $\mathcal{A}$ be a hierarchic model of $N_u$ so that
$\mathcal{S}^{\mathcal{A}} = \mathrm{fconsts}(N_u)/_{\sim}$ for some congruence relation $\sim$ on $\mathrm{fconsts}(N_u)$, and for every free-sort constant
symbol $c$ we have $c^{\mathcal{A}} = [c]_{\sim}$. But then $\mathcal{A} \models \{C[u/c] \mid c \in \mathrm{fconsts}(N)\}$ entails $\mathcal{A} \models C$, since the
set $\{[c]_{\sim} \mid c \in \mathrm{fconsts}(N)\}$ covers the whole domain $\mathcal{S}^{\mathcal{A}}$ due to $\mathrm{fconsts}(N_u) = \mathrm{fconsts}(N)$. Hence,
we obtain $\mathcal{A} \models N$. □

5 The Complexity of Deciding Satisfiability 

In the last two sections we have seen how to eliminate base-sort and free-sort variables by means 
of finite instantiation. In this section, we put these instantiation mechanisms together to obtain a 
nondeterministic algorithm that decides the hierarchic satisfiability problem for the BSR fragment 
with simple bounds and investigate its complexity. As a measure of the length of clause sets, 
clauses, atoms and multisets thereof, we use the number of occurrences of constant symbols and 
variables in the respective object, and denote it by len(·).

Theorem 17. Let N be a clause set (of length at least 2) that does not contain any constant
symbol from but at least one free-sort constant symbol. Satisfiability of N w.r.t. 𝔐 can
be decided in nondeterministic exponential time. To put it more precisely: the problem lies in
NTIME(len(N)^{c·len(N)}) for some constant c > 1.

Proof. We devise a naive algorithm that decides a given problem instance as follows. As input we
assume a finite clause set N such that aconsts(N) = ∅ and bconsts(N) ≠ ∅.

(I) Transform the input clause set N into normal form by applying three steps to every clause
C = Λ ∥ Γ → Δ in N that contains exactly k > 0 distinct base-sort variables x_1, ..., x_k
occurring in Λ but not in Γ → Δ:

(I.I) Let y be the vector of all variables x_j among x_1, ..., x_k for which there is an atomic
constraint x_j = c_j in Λ, and let c denote the corresponding vector of constant symbols
c_j. We replace C by Λ[y/c] ∥ Γ → Δ in N.

(I.II) If Λ contains an atomic constraint of the form x_j ≠ c_j after Step (I.I), then replace
C in N by two clauses Λ', x_j < c_j ∥ Γ → Δ and Λ', x_j > c_j ∥ Γ → Δ, where
Λ' := Λ \ {x_j ≠ c_j}. Iterate this procedure on the newly added clauses until all
atomic constraints concerning one of the variables x_1, ..., x_k have the form x_j ◁ c_j with
◁ ∈ {<, ≤, ≥, >}.

(I.III) Apply Fourier-Motzkin quantifier elimination to every base-sort variable among x_1, ...,
x_k that is left in N.

We call the resulting clause set N'. In addition, rename variables so that all clauses in N'
are variable disjoint.

(II) Compute the equivalence classes with respect to the equivalence relation ⇌_{N'} induced by
N'.

(III) Compute the set bconsts(N') of all base-sort constant symbols that occur in N'.

For every equivalence class [(P,i)]_{⇌_{N'}} with P : ξ_1 × ... × ξ_m ∈ Π such that ξ_i = ℛ,
collect all instantiation points that are connected to it, i.e. compute ℐ_{[(P,i)],N'}. Whenever a
constant symbol cq freshly enters the collection of instantiation points, construct the axiom 
set Axr (ll i bconsts ( N /) according to Definition [9] and add all these axioms to a maintained 
axiom set Ax. 


(IV) Compute the set fconsts(N') of all free-sort constant symbols occurring in N'.

(V) Perform an all-at-once instantiation process on N' that leads to

N'' := { C[x,u/c,d] | C ∈ N' and {x_1, ..., x_k} = vars(C) ∩ V_ℛ and
{u_1, ..., u_ℓ} = vars(C) ∩ V_𝒮 and
c_i ∈ ℐ_{ap_{N'}(x_i),N'} and d_j ∈ fconsts(N') for all i and j }.

(VI) Nondeterministically construct a hierarchic interpretation 𝒜 in three steps:

(VI.I) Nondeterministically choose a total ordering on the constant symbols in bconsts(N'')
∪ aconsts(N'') so that for all c, d ∈ bconsts(N'') ∩ ℝ it holds c d if and only
if c < d. Based on this ordering, construct (in a deterministic fashion) a mapping
μ_𝒜 : bconsts(N'') ∪ aconsts(N'') → ℝ so that

• for all c ∈ bconsts(N'') ∩ ℝ we get μ_𝒜(c) = c, and

• for all d_1, d_2 ∈ bconsts(N'') ∪ aconsts(N'') it holds μ_𝒜(d_1) < μ_𝒜(d_2) if and only if
d_1 d_2.

Set c^𝒜 := μ_𝒜(c) for every c ∈ bconsts(N'').

(VI.II) Nondeterministically choose a mapping ν_𝒜 : fconsts(N'') → fconsts(N'').

While ν_𝒜's image shall induce the free domain 𝒮^𝒜 := {ν_𝒜(c) | c ∈ fconsts(N'')}, the
value ν_𝒜(c) shall be assigned to c under 𝒜 for every c ∈ fconsts(N'').

(VI.III) Let At(N'') denote the set of nonequational ground atoms induced by the essentially
ground clause set N'', formally

At(N'') := { A[x/c] | there is a nonequational free atom A in the free part Γ → Δ
of a clause (Λ, x_1 = c_1, ..., x_k = c_k ∥ Γ → Δ) ∈ N''
with {x_1, ..., x_k} = vars(A) }.

Given At(N''), we construct the set At(N'') by syntactically replacing every base-sort
constant symbol c in At(N'') by μ_𝒜(c) and every free-sort constant symbol e by ν_𝒜(e).

Nondeterministically choose a subset At_𝒜(N'') of At(N'') that represents the atoms in
At(N'') which shall be true under 𝒜, i.e. construct a Herbrand model over the atoms
in At(N'').

(VII) Check whether 𝒜 is a hierarchic model of N'' ∪ Ax.

Regarding the correctness of the algorithm, there are two crucial points which we need to 
address, namely (a) the equisatisfiability of N and N', and (b) the equisatisfiability of N' and 
N" U Ax. 

Ad (a): It is straightforward to check that (I.I) and (I.II) lead to equisatisfiable clause sets with
respect to the standard semantics of linear arithmetic.

The Fourier-Motzkin elimination step in (I.III) works for existentially quantified real-valued
variables (cf. [DE73], [KS08]). Given a clause C = Λ ∥ Γ → Δ that contains a base-sort variable
x occurring in Λ but not in Γ → Δ, let z denote the vector of all variables in Λ except for x.
Recall that C can be informally understood as ∀z∀x((⋀Λ ∧ ⋀Γ) → ⋁Δ). Since x does neither
occur in Δ nor in Γ and since any formula φ → ψ is equivalent to ¬φ ∨ ψ, we can equivalently
write ∀z(((∃x ⋀Λ) ∧ ⋀Γ) → ⋁Δ). Now Fourier-Motzkin variable elimination can be applied to
the part ∃x ⋀Λ to transform it into a formula ⋀Λ' over linear arithmetic constraints (each of the
form c ◁ d or y ◁ e) so that ⋀Λ' is equivalent to ∃x ⋀Λ with respect to the standard semantics
of linear arithmetic, Λ' does not contain x anymore and all variables and constant symbols in Λ'
have already occurred in Λ (cf. [DE73]).

Treating all base-sort variables that occur in Λ but not in Γ → Δ as described above, we finally
obtain a clause Λ'' ∥ Γ → Δ that is equivalent to Λ ∥ Γ → Δ and is in normal form.
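
The three normalization sub-steps of Step (I) can be traced on the constraint part of a single clause. The following Python code is an added example, not code from the paper; the triple representation of atomic constraints, the function names and the sample constraint set are assumptions made for illustration.

```python
from itertools import product

# Atomic constraint: (lhs, op, rhs). For a simple bound, lhs is a variable name and
# rhs a constant (number or constant symbol); ground constraints relate two constants.
STRICT = {'<': True, '>': True, '<=': False, '>=': False}

def substitute_equations(lam, xs):
    """First sub-step: for x in xs with an equation x = c, replace x by c in lam."""
    subst = {}
    for lhs, op, rhs in lam:
        if lhs in xs and op == '=':
            subst.setdefault(lhs, rhs)
    out = [(subst.get(lhs, lhs), op, rhs) for lhs, op, rhs in lam]
    return [a for a in out if not (a[1] == '=' and a[0] == a[2])]  # drop trivial c = c

def split_disequations(lam, xs):
    """Second sub-step: each x != c (x in xs) becomes x < c in one copy and x > c in
    another, so n disequations yield 2**n constraint sets."""
    neq = [a for a in lam if a[0] in xs and a[1] == '!=']
    rest = [a for a in lam if a not in neq]
    return [rest + [(x, op, c) for (x, _, c), op in zip(neq, choice)]
            for choice in product('<>', repeat=len(neq))]

def eliminate(lam, x):
    """Third sub-step: Fourier-Motzkin elimination of x from bounds on x.
    Every (lower, upper) pair yields one ground constraint; the result is strict
    as soon as one of the two bounds is strict."""
    lower = [(c, STRICT[op]) for v, op, c in lam if v == x and op in ('>', '>=')]
    upper = [(c, STRICT[op]) for v, op, c in lam if v == x and op in ('<', '<=')]
    rest = [a for a in lam if a[0] != x]
    pairs = [(lo, '<' if s_lo or s_up else '<=', up)
             for (lo, s_lo), (up, s_up) in product(lower, upper)]
    return rest + pairs

def normalize_constraints(lam, xs):
    """Apply the three sub-steps for the variables xs, which are assumed to occur
    in the constraint part only (not in the free part of the clause)."""
    clauses = split_disequations(substitute_equations(lam, xs), xs)
    for x in sorted(xs):
        clauses = [eliminate(cl, x) for cl in clauses]
    return clauses

# Constructed sample: x and y occur only in the constraint part, w also in the free part.
SAMPLE = [('x', '>=', 'c'), ('x', '!=', 'd'), ('x', '<', 'e'),
          ('y', '=', 5), ('y', '>', 'c'), ('w', '<=', 7)]

if __name__ == '__main__':
    for clause in normalize_constraints(SAMPLE, {'x', 'y'}):
        print(clause)
```

The bound w <= 7 survives untouched because w is not among the eliminated variables, and every produced ground constraint only mentions constants that were already present in the input.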

Ad (b): The construction of clause set N'' done in Step (V) resembles |vars(N') ∩ V_ℛ| consecutive
applications of Lemma 13 to the base-sort variables x_1, ..., x_k followed by |vars(N') ∩ V_𝒮|
consecutive applications of Corollary 16 to the free-sort variables u_1, ..., u_ℓ in order to
instantiate all variables that occur in N'.

For an arbitrary clause C in N' we have
fconsts(C[x/c][u_1/d_1] ... [u_j/d_j]) ⊆ fconsts(N') for every j, 0 ≤ j ≤ ℓ. Hence, Corollary 16
entails equisatisfiability of N'' ∪ Ax and the intermediate set N''' ∪ Ax where N''' := {C[x/c] |
C ∈ N' and {x_1, ..., x_k} = vars(C) ∩ V_ℛ and c_i ∈ ℐ_{ap_{N'}(x_i),N'} for all i}.

It remains to show equisatisfiability of N' and N''' ∪ Ax. In order to do so, we first reduce
the problem to showing equisatisfiability of N' ∪ Ax and N''' ∪ Ax: If N' is satisfiable, then so is
N' ∪ Ax by Proposition 10 since N' does not contain constant symbols from Conversely,
N' is obviously satisfiable whenever N' ∪ Ax is.

Let x_1, ..., x_k be a list of pairwise distinct base-sort variables such that {x_1, ..., x_k} :=
vars(N') ∩ V_ℛ = vars(N' ∪ Ax) ∩ V_ℛ. We set N'_0 := N' and for every j, 1 ≤ j ≤ k, we define

N'_j := {C[x_j/c_j] | C ∈ N'_{j-1} and c_j ∈ ℐ_{ap_{N'}(x_j),N'}}.

As the x_1, ..., x_k are pairwise distinct and since the involved substitution operations only
substitute variables with constant symbols, we can equivalently write

N'_j = {C[x_1/c_1] ... [x_j/c_j] | C ∈ N' and c_i ∈ ℐ_{ap_{N'}(x_i),N'} and 1 ≤ i ≤ j}

for every j, 1 ≤ j ≤ k. Variable disjointness of the clauses in N' entails N'_k = N''', since in this
case the iterative substitution in the construction of N'_k yields the same result as simultaneous
substitution in the construction of N''' does.

Consider the sequence N'_0, N'_1, ..., N'_k of clause sets, for which we know N'_0 = N' and N'_k = N'''.
If we rename the variables in each set in the sequence such that the clauses are variable disjoint,
we can apply Lemma 13 k times to conclude equisatisfiability of N'_0 ∪ Ax, N'_1 ∪ Ax and so on
up to N'_k ∪ Ax. To support this claim, we need to show that the prerequisites of Lemma 13 are
fulfilled along the sequence. They certainly are for the starting point N'_0 ∪ Ax, since we assume
N' to be in normal form and to not contain constant symbols α_t. For the rest of the sequence, we
invoke Lemma 14 since it ensures ⇌_{N'_0 ∪ Ax} = ... = ⇌_{N'_k ∪ Ax} and
ℐ_{[(P,i)],N'_0} = ... = ℐ_{[(P,i)],N'_k} for all equivalence classes [(P,i)] induced by ⇌_{N' ∪ Ax}.

The following observations justify why it is legitimate for the algorithm described in steps (I)
to (VII) to mostly ignore the axioms in Ax.

(b.1) ⇌_{N'} = ⇌_{N' ∪ Ax}, because the relation ⇌_{N' ∪ Ax} exclusively depends on the free parts of
clauses in N' ∪ Ax, but the clauses in Ax do not have free parts.

(b.2) bconsts(N') = bconsts(N' ∪ Ax), since the definition of Ax entails bconsts(Ax) ⊆ bconsts(N').

(b.3) fconsts(N') = fconsts(N' ∪ Ax) holds because clauses in Ax do not contain constant symbols
of the free sort.

(b.4) ℐ_{[(P,i)],N'} = ℐ_{[(P,i)],N' ∪ Ax}, since only atomic constraints that involve one base-sort
variable contribute to the set of instantiation points, but Ax is a set of ground clauses.

Altogether, the iterative application of Lemma 13 shows that N' ∪ Ax has a hierarchic model if
and only if N''' ∪ Ax has one. But as we have already argued above, this entails the equisatisfiability
of N' and N''' ∪ Ax and even N'' ∪ Ax.

This finishes our considerations regarding the correctness of the presented algorithm. Next, we
investigate its running time. In order to do so, we take a look at every step individually.

(I): While the substitution operations in Step (I.I) take a total amount of time that is polynomial
in len(N), the length of the clause set does not grow. The second step, however, may blow up the
length of the clause set exponentially. Every clause Λ ∥ Γ → Δ might be copied up to 2^{|Λ|} times,
since Λ can contain at most |Λ| constraints of the form x_j ≠ c_j. Hence, Step (I.II) increases the
length of the clause set to not more than len(N) · 2^{len(N)} and in the worst case takes time
polynomial in that new length. Given a multiset Λ of atomic constraints, in which variables
x_1, ..., x_k ∈ vars(Λ) are supposed to be eliminated one after another by the Fourier-Motzkin
procedure, we can partition Λ into k + 1 parts Λ_0, Λ_1, ..., Λ_k, so that for all i > 0 the part Λ_i
contains all atomic constraints that involve x_i and only those, and Λ_0 := Λ \ (Λ_1 ∪ ... ∪ Λ_k).
It turns out that eliminating a variable x_i from Λ results in a multiset (Λ \ Λ_i) ∪ Λ'_i where
|Λ'_i| is at most |Λ_i|^2. Hence, after eliminating all x_i, we end up with a multiset of atomic
constraints of size |Λ_0| + |Λ_1|^2 + ... + |Λ_k|^2 ≤ |Λ|^2. Consequently, Step (I.III) may increase
the length of the clause set at most quadratically. The time taken for this step is polynomial in
that new length. Overall, we end up with a length of at most
len(N)^2 · 2^{2·len(N)} ≤ len(N)^{3·len(N)} for N' (recall that we assumed len(N) ≥ 2).

(II): This step can be performed in time that is polynomial in the length of N' using an efficient
union-find data structure.

(III): The computation of bconsts(N') and the collection of all relevant instantiation points takes
time polynomial in the length of N'. The set of instantiation points for any base-sort variable
is a subset of bconsts(N') ∪ {α_{d+ε} | d ∈ bconsts(N')} ∪ {α_{-∞}}. It is worthwhile to note that
Steps (I.I) to (I.III) do not lead to a change in the number of instantiation points, since they only
modify atomic constraints that do not contribute to instantiation points. The reason is that the
variables x_1, ..., x_k addressed in Step (I) do not occur in the free parts of the modified clause. For
every argument position pair (P, i), there are at most len(N) instantiation points, as every atomic
constraint y ◁ c in N can induce at most one instantiation point (either c or α_{c+ε}). To account for
α_{-∞}: if there is a base-sort variable y to be instantiated in N' at all, then N' must also contain a
free atom Q(..., y, ...) which did already occur in N, and which thus also contributes to the length
of N. In addition, we have bconsts(N') ⊆ bconsts(N), leading to |bconsts(N')| ≤ len(N). The
construction of the required axiom set Ax can be done in polynomial time in len(N') + len(Ax),
where we can bound the length of the axiom set from above by
2 · 2 · len(N) + 2 · 4 · len(N)^2 ≤ 10 · len(N)^2.

(IV): The extraction of fconsts(N') does not take longer than polynomial time in the length of
N'.

(V): At first, we consider each clause C = Λ ∥ Γ → Δ in N' separately. Since |fconsts(N')| is upper
bounded by len(N) (every free-sort constant symbol in N' did already occur in N), instantiation
of the free-sort variables yields a factor of at most len(N)^{|vars(Γ→Δ) ∩ V_𝒮|}. We have already argued
- when looking at Step (III) - that the number of instantiation points for each base-sort variable
is bounded from above by len(N). Hence, instantiation of all base-sort variables in the clause
adds a factor of at most len(N)^{|vars(Γ→Δ) ∩ V_ℛ|}. There are at most len(Γ → Δ) different variables
in C that need to be instantiated, and as Γ → Δ did already occur in N (modulo variable
renaming), we have len(Γ → Δ) ≤ len(N). When instantiating a clause, the constraint part
may increase in length, namely by at most double the number of instantiated variables. In the
worst case, we thus get triple the length of the original, e.g. in case of instantiating the clause
∥ → P(x) with the default instantiation point α_{-∞} we obtain x = α_{-∞} ∥ → P(x). In total,
instantiating a single clause C = Λ ∥ Γ → Δ taken from N' leads to a clause set of length at most
3 · len(C) · len(N)^{len(Γ→Δ)}. Consequently, we can upper bound the length of the fully instantiated
clause set N'' by 3 · len(N') · len(N)^{len(N)} ≤ 3 · len(N)^{4·len(N)}. Instantiating the set of clauses
needs only time that is bounded by some polynomial in len(N'').

(VI): The construction of 𝒜 can be done nondeterministically in time that is bounded from above
by some polynomial in the length of N''.

(VII): The check whether 𝒜 satisfies N'' ∪ Ax can be performed in a deterministic fashion in time
polynomial in the length of N'' ∪ Ax.

Taking all the above results into account, we can upper bound the running time of the algorithm
by some polynomial in len(N)^{4·len(N)}. Hence, there is some constant c > 4 such that the
nondeterministic running time lies in O(len(N)^{c·len(N)}). Consequently, the problem of deciding
whether a finite clause set N is satisfiable, lies in NEXPTIME. □

NEXPTIME-completeness of satisfiability for the Bernays-Schönfinkel-Ramsey fragment of
first-order logic without equality (cf. [Lew80]) immediately yields NEXPTIME-hardness of
satisfiability for finite clause sets over the BSR fragment with simple bounds. Together with
Theorem 17 we thus obtain NEXPTIME-completeness of the problem.

Corollary 18. The problem of deciding satisfiability w.r.t. 𝔐 of finite clause sets over the BSR
fragment with simple bounds is NEXPTIME-complete.

6 Beyond Simple Bounds 

In this section we long to answer the question how simple our constraints have to be. The most
complex atomic constraints we have allowed by now are of the form x ◁ c. Being able to cope with
this kind, we can leverage the idea of flattening to deal with more complicated constraints such
as 3x + c < 1. The basic idea rests on two steps:

(I) Transform this constraint into the equivalent x < 1/3 − (1/3)·c.

(II) Introduce a fresh Skolem constant b, transform the constraint into x < b and add a defining
clause C_b expressing b = 1/3 − (1/3)·c to the clause set.

These two steps already indicate that this technique is restricted to atomic constraints that are
either ground or univariate and linear, and in which the standard operations addition, subtraction,
multiplication and division on the reals may be involved. But we may even allow free function
symbols g : ξ_1 × ... × ξ_m → ξ with ξ_1, ..., ξ_m, ξ ∈ {ℛ, 𝒮}, as long as all subterms occurring below
g are ground.

The key insight at this point is that complex ground terms s can be replaced by fresh constant
symbols b_s of the corresponding sort, if we add a defining clause C_{b_s} that identifies b_s with s (a
technique called basification in [KW12]) - see below for details. Of course, the replacement of s
must be done consistently throughout the clause set. Consequently, we can extend the syntax of
clauses so that more complex terms are admitted.

Definition 19 (BSR Clause Fragment with Ground LA Bounds). Let Ω' collect nonconstant
free function symbols equipped with sorting information. An atomic constraint is of the form
s ◁ s' with ◁ ∈ {<, ≤, =, ≠, ≥, >} and well-sorted base-sort terms s, s' over symbols in
Ω_LA ∪ {+, −, ·, /} ∪ Ω ∪ Ω' in which every subterm g(s_1, ..., s_m) with g ∈ Ω' is ground and where
s ◁ s' contains at most one occurrence of a base-sort variable and no free-sort variables. A free
atom A is either of the form s ≈ s' with s, s' being either free-sort variables or well-sorted ground
terms of the free sort over function symbols in Ω_LA ∪ {+, −, ·, /} ∪ Ω ∪ Ω', or A is of the form
P(s_1, ..., s_m), where P : ξ_1 × ... × ξ_m ∈ Π and for each i ≤ m the term s_i is of sort ξ_i. If
ξ_i = ℛ, then s_i is a base-sort variable, and if ξ_i = 𝒮, then s_i is either a free-sort variable or a
ground free-sort term over function symbols in Ω_LA ∪ {+, −, ·, /} ∪ Ω ∪ Ω'.

As we have already sketched, we can easily transform a clause set N that contains clauses over
the extended syntax into an equisatisfiable set N_1 ∪ N_2 so that N_1 contains clauses according to
Definition 1 only and all clauses in N_2 are of the form b_s ≠ s ∥ → □ or ∥ → b_s ≈ s. Clearly, we can
proceed with N_1 according to Steps (I) to (V) of the algorithm given in the proof of Theorem 17
and thus obtain the essentially ground clause set N'' that is equisatisfiable to N_1 and a set Ax of
axioms. The construction of a hierarchic interpretation 𝒜 for N'' in Step (VI) can be modified so
that it results in an interpretation that also covers all function symbols that occur in N_2 but not in
N_1. Checking whether 𝒜 is a hierarchic model of N'' ∪ Ax ∪ N_2 can be done easily. Consequently,
the hierarchic satisfiability problem for clause sets over the extension of the BSR fragment with
ground LA bounds is decidable, too.

7 Undecidable Fragments 

So far we have described decidable fragments of first-order logic modulo linear arithmetic. In
[FW12] it has been shown that already the Bernays-Schönfinkel-Horn (BSH) fragment with
addition and subtraction on the reals is undecidable. In the current section we describe more
fine-grained undecidable fragments. As it turns out, two-counter machines - of which the halting
problem has been proven to be undecidable in [Min67] - can be encoded exclusively using very
restricted syntax on the constraint part, such as difference constraints x − y ◁ c, additive constraints
x + y ◁ c, quotient constraints x ◁ c · y (which could equivalently be written x/y ◁ c, hence the name)
or multiplicative constraints x · y ◁ c. Even more restrictive, in the case of difference constraints
and quotient constraints only a single base-sort constant symbol is necessary. In case of quotient
and multiplicative constraints, lower and upper bounds on the used variables do not lead to a
decidable fragment - which would be the case if we were using variables over the integers.

Difference constraints. We use the predicate symbol M : 𝒮 × ℛ × ℛ × ℛ to address the state
of the machine as follows: M(u, x, y, z) stands for a machine at instruction u with counter values
i_1 = x − z − 1 and i_2 = y − z − 1, where the last argument z keeps track of an offset relative to
which x and y store the values of the counters. Following this principle, the increment instruction
for the first counter i_1 is encoded by the clause x' − x = 1 ∥ M(b, x, y, z) → M(b', x', y, z), which
leaves the offset untouched. The offset is an appropriate tool that allows us to have a uniform
syntactic structure for all atomic constraints. It is due to the offset encoding that we can easily use
a difference constraint when checking whether a counter is zero or not. The conditional decrement
instruction is split up in two clauses: the zero case x − z = 1 ∥ M(b, x, y, z) → M(b', x, y, z) and
the non-zero case x − z > 1, y' − y = 1, z' − z = 1 ∥ M(b, x, y, z) → M(b', x, y', z'). Hence, by
undecidability of the halting problem for two-counter machines, we may conclude that satisfiability
for the BSH fragment with difference constraints (requiring only the constant 1 besides the input)
and a single free 4-ary predicate symbol is undecidable, too.

Quotient constraints. Encoding two-counter machines in the BSH fragment with quotient
constraints works very similarly. We only need to change the representation of counter values in a
state M(u, x, y, z) as follows: i_1 = −log_2(2x/z) = −log_2(x) + log_2(z) − 1 and i_2 = −log_2(2y/z).
Incrementing the first counter is encoded by 2 · x' = x ∥ M(b, x, y, z) → M(b', x', y, z), and the
conditional decrement instruction is represented by 2 · x = z ∥ M(b, x, y, z) → M(b', x, y, z) and
2 · x < z, 2 · y' = y, 2 · z' = z ∥ M(b, x, y, z) → M(b', x, y', z'). Analogous to the case of difference
constraints, we may now show that the satisfiability problem for the BSH fragment
with quotient constraints (requiring only the constant 2) and a single free 4-ary predicate symbol
is undecidable. We have chosen negative exponents for the encoding of the counter values,
since this guarantees that the range of the base-sort variables is bounded from below and above.
Thus, we could restrict all base-sort variables to values within (0,1] (by adding appropriate atomic
constraints to every clause), and still end up with an undecidable satisfiability problem.
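
The difference-constraint and quotient-constraint encodings can be checked against a direct run of a two-counter machine. The following Python code is an added example, not taken from the paper: it reads each clause as a forward step on M(u, x, y, z), starts from the offsets z = 0 and z = 1 respectively, and runs a constructed sample program; the instruction format and all names are assumptions.

```python
from fractions import Fraction

# Constructed sample program: add twice the value of counter 1 to counter 2.
# ('inc', k, nxt) | ('dec', k, nxt_if_nonzero, nxt_if_zero) | ('halt',)
PROGRAM = {
    0: ('dec', 1, 1, 3),
    1: ('inc', 2, 2),
    2: ('inc', 2, 0),
    3: ('halt',),
}

def run_direct(program, i1, i2, fuel=10_000):
    """Reference semantics on the counter values themselves."""
    pc, c = 0, [i1, i2]
    trace = [(pc, c[0], c[1])]
    for _ in range(fuel):
        ins = program[pc]
        if ins[0] == 'halt':
            break
        k = ins[1] - 1
        if ins[0] == 'inc':
            c[k], pc = c[k] + 1, ins[2]
        elif c[k] == 0:
            pc = ins[3]
        else:
            c[k], pc = c[k] - 1, ins[2]
        trace.append((pc, c[0], c[1]))
    return trace

# Each encoding fixes how a counter value i is stored in an argument v relative to z.
DIFFERENCE = dict(                       # i = v - z - 1, only the constant 1 is used
    z0=0,
    encode=lambda i: i + 1,              # valid for the start offset z = 0
    succ=lambda v: v + 1,                # constraint v' - v = 1
    is_zero=lambda v, z: v - z == 1,     # constraint v - z = 1
    is_pos=lambda v, z: v - z > 1,       # constraint v - z > 1
    decode=lambda v, z: v - z - 1,
)
QUOTIENT = dict(                         # i = -log2(2v/z), only the constant 2 is used
    z0=Fraction(1),
    encode=lambda i: Fraction(1, 2 ** (i + 1)),   # valid for the start offset z = 1
    succ=lambda v: v / 2,                # constraint 2 * v' = v
    is_zero=lambda v, z: 2 * v == z,     # constraint 2 * v = z
    is_pos=lambda v, z: 2 * v < z,       # constraint 2 * v < z
    decode=lambda v, z: (z / (2 * v)).numerator.bit_length() - 1,
)

def run_encoded(program, enc, i1, i2, fuel=10_000):
    """Apply the clauses as forward steps on M(pc, x, y, z).
    Returns the decoded trace and the raw argument values (x, y, z) of every state."""
    pc, v, z = 0, [enc['encode'](i1), enc['encode'](i2)], enc['z0']
    trace = [(pc, enc['decode'](v[0], z), enc['decode'](v[1], z))]
    raw = [(v[0], v[1], z)]
    for _ in range(fuel):
        ins = program[pc]
        if ins[0] == 'halt':
            break
        k = ins[1] - 1
        if ins[0] == 'inc':
            v[k], pc = enc['succ'](v[k]), ins[2]
        elif enc['is_zero'](v[k], z):
            pc = ins[3]
        else:
            # Non-zero decrement: the other counter and the offset both advance,
            # which lowers the addressed counter by one and keeps the other one fixed.
            assert enc['is_pos'](v[k], z)
            v[1 - k], z, pc = enc['succ'](v[1 - k]), enc['succ'](z), ins[2]
        trace.append((pc, enc['decode'](v[0], z), enc['decode'](v[1], z)))
        raw.append((v[0], v[1], z))
    return trace, raw

if __name__ == '__main__':
    print(run_direct(PROGRAM, 3, 0)[-1])
    for name, enc in (('difference', DIFFERENCE), ('quotient', QUOTIENT)):
        trace, raw = run_encoded(PROGRAM, enc, 3, 0)
        print(name, trace[-1], raw[-1])
```

In the quotient run every argument value is only ever halved, which is why all of them stay inside (0,1] as the paragraph above states.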

Additive constraints. Having additive constraints of the form x + y ◁ c at hand, we can simulate
subtraction by defining the additive inverse using a constraint x + x_− = 0. To keep track of inverses,
we adjust the arity of M accordingly. Counter values are represented in the same way as we have
done for difference constraints. The increment instruction for the first counter is thus encoded
by x' + x_− = 1, x' + x'_− = 0 ∥ M(b, x, x_−, y, y_−, z, z_−) → M(b', x', x'_−, y, y_−, z, z_−). It is now
straightforward to come up with the encoding of the conditional decrement. Hence, satisfiability
of the BSH fragment with additive constraints and a single free predicate symbol of arity 7 is
undecidable. However, this time we need two constants, namely 1 and 0.

Multiplicative constraints. In order to complete the picture, we shortly leave the realm of
linear arithmetic and consider multiplicative constraints of the form x · y ◁ c. These relate to
quotient constraints as additive constraints relate to difference constraints. Hence, combining
the previously used ideas of offsets and inverses, we can encode two-counter machines also with
multiplicative constraints:

x · x'_{−1} = 2, x' · x'_{−1} = 1 ∥ M(b, x, x_{−1}, y, y_{−1}, z, z_{−1}) → M(b', x', x'_{−1}, y, y_{−1}, z, z_{−1})
encodes the increment instruction on the first counter, for instance. As in the case of quotient
constraints, we could restrict the range of base-sort variables to (0,1] by suitable constraints.
Consequently, this leads to another fragment of which the satisfiability problem is undecidable.

8 Conclusion and Future Work 

Our main contribution is a proof showing that satisfiability of the BSR fragment equipped with
simple bounds on real arguments is decidable. The key argument describes a satisfiability-preserving
replacement of universally quantified clauses by finitely many instances which are in essence
variable free. The analysis of a naive decision procedure proves that satisfiability of this fragment
is NEXPTIME-complete. The complexity result is of particular interest, since satisfiability of the
Bernays-Schönfinkel fragment has already been known to be NEXPTIME-complete for more than
three decades [Lew80].

Our approach to proving decidability has been tailored to be well-suited for an integration into 
reasoning procedures that perform efficiently on practically relevant problem instances. This in 
particular applies to the way we handle the real-sorted part of clauses. For the free parts we could 
have adopted more fine-grained techniques inspired by the ones we used for the real-sorted part. 
However, we did not do so for the sake of simplicity and brevity. 

It turned out that we leave the realm of decidability as soon as we add elementary operations
∘ on the reals to our constraint language, even if we restrict the free part to Horn clauses over
the Bernays-Schönfinkel fragment. Constraints of the form x ∘ y ◁ c are sufficient to obtain an
undecidable fragment, where ∘ can stand for addition, subtraction, multiplication and division, ◁
represents standard relations <, ≤, =, ≠, ≥, >, and c is a real-valued constant. This observation
nicely complements our main result, since it quite clearly highlights the limits of decidability in
this context. Moreover, it reveals some interplay between real-sorted constraints and the free
first-order part. For instance, difference logic (boolean combinations of propositional variables and
existentially quantified constraints x − y ◁ c with c being a real-valued constant and ◁ ∈ {<, ≤}) is
known to be decidable [MNAM02]. However, we have seen in Section 7 that its combination with
the Bernays-Schönfinkel-Horn fragment is sufficient to formalize two-counter machines.

Although the obvious options for further extending the constraint language lead to undecidability,
there might still be room for improvement. We leave it as future work to investigate the
BSR fragment with simple bounds plus constraints of the form x ◁ y with x, y being real-valued
variables and ◁ ∈ {<, ≤, =, ≠, ≥, >}. On the other hand, it is conceivable to combine other
decidable free first-order fragments with simple bounds, preferably ones satisfying the finite model
property such as the monadic fragment. As we have already pointed out, a natural next step
for us will be to devise useful decision procedures for the BSR fragment with simple bounds that
perform well in practice.